openSUSE-SU-2019:2251

openSUSE-SU-2019:2260

https://bugzilla.mozilla.org/show_bug.cgi?id=1565374

https://www.mozilla.org/security/advisories/mfsa2019-25/

https://www.mozilla.org/security/advisories/mfsa2019-26/

This update for MozillaFirefox fixes the following issues :

Updated to new ESR version 68.1 (bsc#1149323).

In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735.

Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810).

The version displayed in Help > About is now correct (bsc#1087200).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox to 68.1 fixes the following issues :

Security issues fixed :

  - CVE-2019-9811: Fixed a sandbox escape via installation     of malicious language pack. (bsc#1140868)

  - CVE-2019-9812: Fixed a sandbox escape through Firefox     Sync. (bsc#1149294)

  - CVE-2019-11710: Fixed several memory safety bugs.
    (bsc#1140868)

  - CVE-2019-11714: Fixed a potentially exploitable crash in     Necko. (bsc#1140868)

  - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868)

  - CVE-2019-11718: Fixed inadequate sanitation in the     Activity Stream component. (bsc#1140868)

  - CVE-2019-11720: Fixed a character encoding XSS     vulnerability. (bsc#1140868)

  - CVE-2019-11721: Fixed a homograph domain spoofing issue     through unicode latin 'kra' character. (bsc#1140868)

  - CVE-2019-11723: Fixed a cookie leakage during add-on     fetching across private browsing boundaries.
    (bsc#1140868)

  - CVE-2019-11724: Fixed an outdated permission, granting     access to retired site input.mozilla.org. (bsc#1140868)

  - CVE-2019-11725: Fixed a Safebrowsing bypass involving     WebSockets. (bsc#1140868)

  - CVE-2019-11727: Fixed a vulnerability where it possible     to force NSS to sign CertificateVerify with PKCS#1 v1.5     signatures when those are the only ones advertised by     server in CertificateRequest in TLS 1.3. (bsc#1141322)

  - CVE-2019-11728: Fixed an improper handling of the     Alt-Svc header that allowed remote port scans.
    (bsc#1140868)

  - CVE-2019-11733: Fixed an insufficient protection of     stored passwords in 'Saved Logins'. (bnc#1145665)

  - CVE-2019-11735: Fixed several memory safety bugs.
    (bnc#1149293)

  - CVE-2019-11736: Fixed a file manipulation and privilege     escalation in Mozilla Maintenance Service. (bnc#1149292) 

  - CVE-2019-11738: Fixed a content security policy bypass     through hash-based sources in directives. (bnc#1149302)

  - CVE-2019-11740: Fixed several memory safety bugs.
    (bsc#1149299)

  - CVE-2019-11742: Fixed a same-origin policy violation     involving SVG filters and canvas to steal cross-origin     images. (bsc#1149303)

  - CVE-2019-11743: Fixed a timing side-channel attack on     cross-origin information, utilizing unload event     attributes. (bsc#1149298)

  - CVE-2019-11744: Fixed an XSS caused by breaking out of     title and textarea elements using innerHTML.
    (bsc#1149304)

  - CVE-2019-11746: Fixed a use-after-free while     manipulating video. (bsc#1149297)

  - CVE-2019-11752: Fixed a use-after-free while extracting     a key value in IndexedDB. (bsc#1149296)

  - CVE-2019-11753: Fixed a privilege escalation with     Mozilla Maintenance Service in custom Firefox     installation location. (bsc#1149295)

Non-security issues fixed :

&#9; - Latest update now also released for s390x. (bsc#1109465)

  - Fixed a segmentation fault on s390vsl082. (bsc#1117473)

  - Fixed a crash on SLES15 s390x. (bsc#1124525)

  - Fixed a segmentation fault. (bsc#1133810)

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox to 68.1 fixes the following issues :

Security issues fixed :

CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868)

CVE-2019-9812: Fixed a sandbox escape through Firefox Sync.
(bsc#1149294)

CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868)

CVE-2019-11714: Fixed a potentially exploitable crash in Necko.
(bsc#1140868)

CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868)

CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868)

CVE-2019-11720: Fixed a character encoding XSS vulnerability.
(bsc#1140868)

CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin 'kra' character. (bsc#1140868)

CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868)

CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868)

CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets.
(bsc#1140868)

CVE-2019-11727: Fixed a vulnerability where it possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3.
(bsc#1141322)

CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868)

CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665)

CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293)

CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292)

CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302)

CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)

CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303)

CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298)

CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304)

CVE-2019-11746: Fixed a use-after-free while manipulating video.
(bsc#1149297)

CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296)

CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)

Non-security issues fixed: Latest update now also released for s390x.
(bsc#1109465)

Fixed a segmentation fault on s390vsl082. (bsc#1117473)

Fixed a crash on SLES15 s390x. (bsc#1124525)

Fixed a segmentation fault. (bsc#1133810)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

From Red Hat Security Advisory 2019:2663 :

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 24 September 2019] Previously, this erratum was marked as having a security impact of Critical. This was incorrect; the security impact of this erratum has been changed to Important, to correctly reflect the highest impact rating of CVE fixes included in this release. No changes have been made to the packages.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.1.0 ESR.

Security Fix(es) :

* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

* Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 (CVE-2019-11735)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

* Mozilla: Persistence of WebRTC permissions in a third party context (CVE-2019-11748)

* Mozilla: Camera information available without prompting using getUserMedia (CVE-2019-11749)

* Mozilla: Type confusion in Spidermonkey (CVE-2019-11750)

* Mozilla: Content security policy bypass through hash-based sources in directives (CVE-2019-11738)

* Mozilla: 'Forget about this site' removes sites from pre-loaded HSTS list (CVE-2019-11747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The version of Firefox ESR installed on the remote Windows host is prior to 68.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-26 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-26 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 69.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-25 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, cause a denial of service, or execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)

It was discovered that a compromised content process could log in to a malicious Firefox Sync account. An attacker could potentially exploit this, in combination with another vulnerability, to disable the sandbox. (CVE-2019-9812)

It was discovered that addons.mozilla.org and accounts.firefox.com could be loaded in to the same content process. An attacker could potentially exploit this, in combination with another vulnerability that allowed a cross-site scripting (XSS) attack, to modify browser settings. (CVE-2019-11741)

It was discovered that the 'Forget about this site' feature in the history pane removes HTTP Strict Transport Security (HSTS) settings for sites on the pre-load list. An attacker could potentially exploit this to bypass the protections offered by HSTS. (CVE-2019-11747).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 24 September 2019] Previously, this erratum was marked as having a security impact of Critical. This was incorrect; the security impact of this erratum has been changed to Important, to correctly reflect the highest impact rating of CVE fixes included in this release. No changes have been made to the packages.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.1.0 ESR.

Security Fix(es) :

* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

* Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 (CVE-2019-11735)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

* Mozilla: Persistence of WebRTC permissions in a third party context (CVE-2019-11748)

* Mozilla: Camera information available without prompting using getUserMedia (CVE-2019-11749)

* Mozilla: Type confusion in Spidermonkey (CVE-2019-11750)

* Mozilla: Content security policy bypass through hash-based sources in directives (CVE-2019-11738)

* Mozilla: 'Forget about this site' removes sites from pre-loaded HSTS list (CVE-2019-11747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Mozilla Foundation reports :

CVE-2019-11751: Malicious code execution through command line parameters

CVE-2019-11746: Use-after-free while manipulating video

CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML

CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images

CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service

CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB

CVE-2019-9812: Sandbox escape through Firefox Sync

CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com

CVE-2019-11743: Cross-origin access to unload event attributes

CVE-2019-11748: Persistence of WebRTC permissions in a third party context

CVE-2019-11749: Camera information available without prompting using getUserMedia

CVE-2019-5849: Out-of-bounds read in Skia

CVE-2019-11750: Type confusion in Spidermonkey

CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard

CVE-2019-11738: Content security policy bypass through hash-based sources in directives

CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list

CVE-2019-11734: Memory safety bugs fixed in Firefox 69

CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1

CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9

ID	Name	Product	Family	Severity
129772	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2620-1)	Nessus	SuSE Local Security Checks	high
129665	openSUSE Security Update : MozillaFirefox (openSUSE-2019-2260)	Nessus	SuSE Local Security Checks	high
129664	openSUSE Security Update : MozillaFirefox (openSUSE-2019-2251)	Nessus	SuSE Local Security Checks	high
129583	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:2545-1)	Nessus	SuSE Local Security Checks	high
128599	Oracle Linux 8 : firefox (ELSA-2019-2663)	Nessus	Oracle Linux Local Security Checks	high
128528	Mozilla Firefox ESR < 68.1	Nessus	Windows	high
128527	Mozilla Firefox ESR < 68.1	Nessus	MacOS X Local Security Checks	high
128525	Mozilla Firefox < 69.0	Nessus	Windows	high
128524	Mozilla Firefox < 69.0	Nessus	MacOS X Local Security Checks	high
128521	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : firefox vulnerabilities (USN-4122-1)	Nessus	Ubuntu Local Security Checks	high
128517	RHEL 8 : firefox (RHSA-2019:2663)	Nessus	Red Hat Local Security Checks	high
128491	FreeBSD : mozilla -- multiple vulnerabilities (05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6)	Nessus	FreeBSD Local Security Checks	high

CVE-2019-11749

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins