SB2019052201 - Ubuntu update for Firefox
Published: May 22, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2019-11691)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in XMLHttpRequest (XHR) in an event loop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Use-after-free (CVE-ID: CVE-2019-11692)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when listeners are removed from the event listener manager while still in use. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2019-11693)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in bufferdata function in WebGL with specific graphics drivers on Linux. A remote attacker can create a specially crafted web apge, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Spoofing attack (CVE-ID: CVE-2019-11695)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of custom cursor. A remote attacker can define a custom cursor by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface.
5) Spoofing attack (CVE-ID: CVE-2019-11696)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of .JNLP files that are not recognized as executable files. A remote attacker can trick the victim into downloading and running a malicious Java web start file and execute arbitrary Java code on the system.
Successful exploitation of the vulnerability requires that Java is installed on the system.
6) Spoofing attack (CVE-ID: CVE-2019-11699)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect highlighting of domain name in the address bar when navigating through pages. A remote attacker can perform spoofing attack.
7) Exposed dangerous method or function (CVE-ID: CVE-2019-11701)
The vulnerability allows a remote attacker to perform cross-site scripting attacks.
The vulnerability exists due to presence of a legacy support for webcal: protocol handler that allows to load a web site vulnerable to cross-site scripting attacks.
8) Use-after-free (CVE-ID: CVE-2019-7317)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.
9) Buffer overflow (CVE-ID: CVE-2019-9800)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Buffer overflow (CVE-ID: CVE-2019-9814)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-9817)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect access restrictions when reading images from a different domain. A remote attacker can use a canvas object under certain circumstances to violate same-origin policy and read image data from another domain name.
12) Input validation error (CVE-ID: CVE-2019-9819)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a JavaScript compartment mismatch when working with the fetch API. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
13) Use-after-free (CVE-ID: CVE-2019-9820)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free in ChromeEventHandler by DocShell. A remote attacker can trick the victim to visit a specially crafted web page, trigger use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Use-after-free (CVE-ID: CVE-2019-9821)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in AssertWorkerThread due to a race condition with shared workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Spoofing attack (CVE-ID: CVE-2019-11697)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of key combinations. A remote attacker can trick the victim to press ALT and "a" keystrokes on keyboard that delays extension installation prompt. A remote attacker can spoof the page and trick the victim to install malicious extension.
16) Spoofing attack (CVE-ID: CVE-2019-11698)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of drag and drop operations. A remote attacker can create a specially crafted hyperlink that when dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
Successful exploitation of the vulnerability may allow an attacker to steal user's browser history.
17) Type Confusion (CVE-ID: CVE-2019-9816)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when manipulating JavaScript objects in object groups via UnboxedObjects. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.