Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the
refresh driver twice when only a single registration is expected. When a registration is later freed with
the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer
to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and
Firefox < 66. (CVE-2019-9796)
- When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a
PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent
through the proxy to another server. This behavior is disallowed by default when a proxy is manually
configured, but when enabled could allow for attacks on services and tools that bind to the localhost for
networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
(CVE-2018-18506)
- Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR
60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that
with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects
Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9788)
- A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using
JavaScript and the element is then removed while still in use. This results in a potentially exploitable
crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
(CVE-2019-9790)
- The type inference system allows the compilation of functions that can cause type confusions between
arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor
function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and
writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR
< 60.6, and Firefox < 66. (CVE-2019-9791)
Plugin Details
Supported Sensors: Agentless Assessment
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/29/2019
Reference Information
CVE: CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9794, CVE-2019-9795, CVE-2019-9796, CVE-2019-9801, CVE-2019-9810, CVE-2019-9813
BID: 106773, 107487, 107548