New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Mozilla Foundation reports :
CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818: Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
CVE-2019-9821: Use-after-free in AssertWorkerThread
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
CVE-2019-11695: Custom cursor can render over user interface outside of web content
CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts
CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
CVE-2019-11700: res: protocol can be used to open known local files
CVE-2019-11699: Incorrect domain name highlighting during page navigation
CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
CVE-2019-9814: Memory safety bugs fixed in Firefox 67
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
Solution
Update the affected packages.