===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0166
           Firefox patches critical type confusion vulnerability
                               19 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Firefox
                      Firefox Extended Support Release
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Denial of Service -- Remote with User Interaction
                      Reduced Security  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-11707
Member content until: Friday, July 19 2019
Reference:            ESB-2019.2158

OVERVIEW

        Mozilla have published new versions of Firefox and Firefox Extended
        Support Release to address a critical vulnerability which is being
        exploited in the wild. [1]


IMPACT

        Mozilla has provided the following information:

        "# CVE-2019-11707: Type confusion in Array.pop

        Reporter: Samuel Gross of Google Project Zero, Coinbase Security
        Impact: critical

        Description

        A type confusion vulnerability can occur when manipulating
        JavaScript objects due to issues in Array.pop. This can allow for
        an exploitable crash. We are aware of targeted attacks in the wild
        abusing this flaw." [1]


MITIGATION

        Mozilla advises upgrading to Firefox 67.0.3 or Firefox ESR 60.7.1
        to address this vulnerability. [1]


REFERENCES

        [1] Mozilla Foundation Security Advisory 2019-18
            https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
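
Added example (not part of the AusCERT bulletin or Mozilla's advisory): a check of collected Firefox version strings against the two fixed versions named under MITIGATION, so hosts still needing the upgrade can be listed. It assumes version strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix; the host names and sample lines are constructed.

```python
import re

# Fixed versions stated in the bulletin for CVE-2019-11707.
FIXED = {"release": (67, 0, 3), "esr": (60, 7, 1)}

# Matches e.g. "Mozilla Firefox 67.0.2" or "Mozilla Firefox 60.7.0esr".
# Assumption: an "esr" suffix marks an Extended Support Release build.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_version(text):
    """Return (channel, (major, minor, patch)), or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    channel = "esr" if m.group(4) else "release"
    return channel, version


def needs_upgrade(text):
    """True if below the fixed version for its channel, None if unknown."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    channel, version = parsed
    return version < FIXED[channel]


def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' (needs manual review)."""
    labels = {True: "upgrade", False: "ok", None: "unknown"}
    return {host: labels[needs_upgrade(out)] for host, out in inventory}


# Constructed sample inventory: (host, output of `firefox --version`).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 67.0.2"),
    ("ws-02", "Mozilla Firefox 67.0.3"),
    ("ws-03", "Mozilla Firefox 60.7.0esr"),
    ("ws-04", "Mozilla Firefox 60.7.1esr"),
    ("ws-05", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version string and should be checked by hand rather than assumed patched.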