
FreeBSD: VID-05463E0A-ABD3-4FA4-BD5F-CD5ED132D4C6 (CVE-2019-11753): mozilla -- multiple vulnerabilities

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: Sep 3, 2019
Added: Sep 4, 2019
Modified: Oct 4, 2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-05463E0A-ABD3-4FA4-BD5F-CD5ED132D4C6:




Mozilla Foundation reports:



CVE-2019-11751: Malicious code execution through command line parameters


CVE-2019-11746: Use-after-free while manipulating video


CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML


CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images


CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service


CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location


CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB


CVE-2019-9812: Sandbox escape through Firefox Sync


CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com


CVE-2019-11743: Cross-origin access to unload event attributes


CVE-2019-11748: Persistence of WebRTC permissions in a third party context


CVE-2019-11749: Camera information available without prompting using getUserMedia


CVE-2019-5849: Out-of-bounds read in Skia


CVE-2019-11750: Type confusion in Spidermonkey


CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard


CVE-2019-11738: Content security policy bypass through hash-based sources in directives


CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list


CVE-2019-11734: Memory safety bugs fixed in Firefox 69


CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1


CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9




Solution(s)

freebsd-upgrade-package-firefox
freebsd-upgrade-package-firefox-esr
freebsd-upgrade-package-libxul
freebsd-upgrade-package-linux-firefox
freebsd-upgrade-package-linux-seamonkey
freebsd-upgrade-package-linux-thunderbird
freebsd-upgrade-package-seamonkey
freebsd-upgrade-package-thunderbird
freebsd-upgrade-package-waterfox