Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

firefox regression

Related Vulnerabilities: CVE-2019-11691   CVE-2019-11692   CVE-2019-11693   CVE-2019-11695   CVE-2019-11696   CVE-2019-11699   CVE-2019-11701   CVE-2019-7317   CVE-2019-9800   CVE-2019-9814   CVE-2019-9817   CVE-2019-9819   CVE-2019-9820   CVE-2019-9821   CVE-2019-11697   CVE-2019-11698   CVE-2019-9816  

USN-3991-2 caused a regression in Firefox

USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem.

Source

14 June 2019

firefox regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

USN-3991-2 caused a regression in Firefox

Software Description

  • firefox - Mozilla Open Source web browser

Details

USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)

It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697)

It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)

A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
firefox - 67.0.2+build2-0ubuntu0.19.04.1
Ubuntu 18.10
firefox - 67.0.2+build2-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
firefox - 67.0.2+build2-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
firefox - 67.0.2+build2-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started