04 December 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4553 Security Vulnerabilities fixed in Firefox ESR 68.3 4 December 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox ESR Publisher: Mozilla Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-17012 CVE-2019-17011 CVE-2019-17010 CVE-2019-17009 CVE-2019-17008 CVE-2019-17005 CVE-2019-13722 CVE-2019-11745 Reference: ESB-2019.4507 ESB-2019.4449 Original Bulletin: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ - --------------------------BEGIN INCLUDED TEXT-------------------- Mozilla Foundation Security Advisory 2019-37 Announced December 3, 2019 Impact high Products Firefox ESR Fixed in Firefox ESR 68.3 # CVE-2019-17008: Use-after-free in worker destruction Reporter Looben Yang Impact high Description When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. References o Bug 1546331 # CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code Reporter Alexandru Michis Impact high Description When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. References o Bug 1580156 # CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher Reporter Craig Disselkoen Impact high Description When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. References o Bug 1586176 # CVE-2019-17009: Updater temporary files accessible to unprivileged processes Reporter Robert Strong Impact moderate Description When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. References o Bug 1510494 # CVE-2019-17010: Use-after-free when performing device orientation checks Reporter Nils Impact moderate Description Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. References o Bug 1581084 # CVE-2019-17005: Buffer overflow in plain text serializer Reporter Mirko Brodesser Impact moderate Description The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. References o Bug 1584170 # CVE-2019-17011: Use-after-free when retrieving a document in antitracking Reporter Nils Impact moderate Description Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. References o Bug 1591334 # CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 Reporter Mozilla developers and community Impact high Description Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References o Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to email@example.com and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXeczM2aOgq3Tt24GAQjiJw//eftCwbmmCesM1o17CAFAXrxTXckRoVK0 J76ebKyxkpep1VzpyrIrCDb2eQDZcNAfBkvkxIPCwbBUScud0OnEd1/KYPlY+jMZ FvELgWpfxZNJZguLTaCp9IVi1Utj1ImTo+4TsLvnPTp/X22WbfSaGo2tZkzS2NLb nXxHbjja5/2PzydwMgq/vDOYklU82Gh8GRMrXEd5veJrA3YYdutXDzOtEqat2eHG lftT2XGsMGY9aV7BCGjzBE9a0CqqhA596Fp7yN7ChzyHW5ZF4jlKSO1gXIIlefxz SMMJNeSqpXix/OmyBMUgwAdxZyO4TwGLuh64tCbvPPv+OJRRbv/QJEiW1ePMmWAj 6/vEiFUJyELz9YxfH8KiDNE5Jg4ustVax0xb0MWvsqKMJ9t5MrJav9o1ew5buue/ visswmQnpMn/KyawSqJ/Am4iHhCq3Hj9/dVJtIRfiEHHYIIcgrLip3YnPB4mtRMN p+sfjZFYQSh1HmH+7tyieBH9xa60SygUWxp+gGGxPlmi43opjBYdwg66VxKhk3iW 7nGwUmfYp/no1w/KOcuLnm4/Ep6eSWkOHd9/UU5vD9avE8hPFA2cSAuiKbavJaBW c9lPc315r9pk+MxCPH+0nZZcpWloFJPNJLGcc2/H4iQdcITni9j12RRLPIvftOzU agfgcY0QgBA= =kbhN -----END PGP SIGNATURE-----