Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-11762 (GCVE-0-2019-11762)
Vulnerability from cvelistv5 – Published: 2020-01-08 19:53 – Updated: 2024-08-04 23:03
VLAI?
EPSS
Summary
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Severity ?
No CVSS data available.
CWE
- document.domain-based origin isolation has same-origin-property violation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1582857 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202003-10 | vendor-advisoryx_refsource_GENTOO |
| https://usn.ubuntu.com/4335-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
before 70
|
|
| Mozilla | Thunderbird |
Affected:
before 68.2
|
|
| Mozilla | Firefox ESR |
Affected:
before 68.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"name": "GLSA-202003-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"name": "USN-4335-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4335-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 70"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 68.2"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "before 68.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "document.domain-based origin isolation has same-origin-property violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T02:07:05.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"name": "GLSA-202003-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"name": "USN-4335-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4335-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-11762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "before 70"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "before 68.2"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "before 68.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "document.domain-based origin isolation has same-origin-property violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-35/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-33/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-34/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"name": "GLSA-202003-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"name": "USN-4335-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4335-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2019-11762",
"datePublished": "2020-01-08T19:53:09.000Z",
"dateReserved": "2019-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:32.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-11762",
"date": "2026-05-20",
"epss": "0.00355",
"percentile": "0.57895"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"70.0\", \"matchCriteriaId\": \"F4EA7BDA-DA95-46FB-8568-E857D3479994\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.2\", \"matchCriteriaId\": \"19FED95C-5BAF-4E31-8F60-E51609BA3BDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.2\", \"matchCriteriaId\": \"2CE97332-80EC-4CDF-A18C-37CD645A8A12\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.\"}, {\"lang\": \"es\", \"value\": \"Si dos documentos del mismo origen configuran a document.domain de manera diferente para convertirse en origen cruzado, es posible llamar arbitrariamente a DOM methods/getters/setters en la ventana ahora de origen cruzado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versi\\u00f3n 70, Thunderbird versiones anteriores a la versi\\u00f3n 68.2 y Firefox ESR versiones anteriores a la versi\\u00f3n 68.2.\"}]",
"id": "CVE-2019-11762",
"lastModified": "2024-11-21T04:21:44.557",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-01-08T20:15:12.873",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1582857\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-10\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-33/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-34/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-35/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1582857\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4335-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-33/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-34/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2019-35/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-346\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-11762\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2020-01-08T20:15:12.873\",\"lastModified\":\"2024-11-21T04:21:44.557\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.\"},{\"lang\":\"es\",\"value\":\"Si dos documentos del mismo origen configuran a document.domain de manera diferente para convertirse en origen cruzado, es posible llamar arbitrariamente a DOM methods/getters/setters en la ventana ahora de origen cruzado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versi\u00f3n 70, Thunderbird versiones anteriores a la versi\u00f3n 68.2 y Firefox ESR versiones anteriores a la versi\u00f3n 68.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"70.0\",\"matchCriteriaId\":\"F4EA7BDA-DA95-46FB-8568-E857D3479994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.2\",\"matchCriteriaId\":\"19FED95C-5BAF-4E31-8F60-E51609BA3BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.2\",\"matchCriteriaId\":\"2CE97332-80EC-4CDF-A18C-37CD645A8A12\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1582857\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-10\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-33/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-34/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-35/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1582857\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4335-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-33/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-34/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2019-35/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-532
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.2",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 70",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11761"
},
{
"name": "CVE-2019-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17000"
},
{
"name": "CVE-2019-11760",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11760"
},
{
"name": "CVE-2019-11765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11765"
},
{
"name": "CVE-2019-17002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17002"
},
{
"name": "CVE-2019-11758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11758"
},
{
"name": "CVE-2019-11764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11764"
},
{
"name": "CVE-2019-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11763"
},
{
"name": "CVE-2019-11757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11757"
},
{
"name": "CVE-2019-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11762"
},
{
"name": "CVE-2019-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11759"
},
{
"name": "CVE-2018-6156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6156"
},
{
"name": "CVE-2019-17001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17001"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-532",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-33 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-34 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/"
}
]
}
CERTFR-2019-AVI-535
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 68.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 68.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11761"
},
{
"name": "CVE-2019-11760",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11760"
},
{
"name": "CVE-2019-11758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11758"
},
{
"name": "CVE-2019-11764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11764"
},
{
"name": "CVE-2019-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11763"
},
{
"name": "CVE-2019-11757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11757"
},
{
"name": "CVE-2019-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11762"
},
{
"name": "CVE-2019-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11759"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-535",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-35 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/"
}
]
}
CERTFR-2019-AVI-532
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.2",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 70",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11761"
},
{
"name": "CVE-2019-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17000"
},
{
"name": "CVE-2019-11760",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11760"
},
{
"name": "CVE-2019-11765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11765"
},
{
"name": "CVE-2019-17002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17002"
},
{
"name": "CVE-2019-11758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11758"
},
{
"name": "CVE-2019-11764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11764"
},
{
"name": "CVE-2019-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11763"
},
{
"name": "CVE-2019-11757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11757"
},
{
"name": "CVE-2019-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11762"
},
{
"name": "CVE-2019-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11759"
},
{
"name": "CVE-2018-6156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6156"
},
{
"name": "CVE-2019-17001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17001"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-532",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-33 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-34 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/"
}
]
}
CERTFR-2019-AVI-535
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 68.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 68.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11761"
},
{
"name": "CVE-2019-11760",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11760"
},
{
"name": "CVE-2019-11758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11758"
},
{
"name": "CVE-2019-11764",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11764"
},
{
"name": "CVE-2019-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11763"
},
{
"name": "CVE-2019-11757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11757"
},
{
"name": "CVE-2019-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11762"
},
{
"name": "CVE-2019-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11759"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-535",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-35 du 22 octobre 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/"
}
]
}
BDU:2020-01406
Vulnerability from fstec - Published: 08.01.2020
VLAI Severity ?
Title
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой вызова произвольных методов у двух одинаковых документов, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Description
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird связана с ошибкой вызова произвольных методов у двух одинаковых документов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным и нарушить их целостность
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Mozilla Corp., АО «Концерн ВНИИНС», АО «ИВК»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Firefox, Firefox ESR, Thunderbird, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305)
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), до 70 (Firefox), до 68.2 (Firefox ESR), до 68.2 (Thunderbird), 1.0 (ОС ОН «Стрелец»), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Firefox:
Обновление программного обеспечения до 74.0-1 или более поздней версии
Для Firefox-esr:
Обновление программного обеспечения до 68.6.0esr-1 или более поздней версии
Для Thunderbird:
Обновление программного обеспечения до 1:68.5.0-1 или более поздней версии
Для Debian:
Обновление программного обеспечения до актуальной версии
Для Astra Linux:
Обновление программного обеспечения (пакета firefox) до 74.0-1 или более поздней версии
Обновление программного обеспечения (пакета firefox-esr) до 68.6.0esr-1~deb10u1 или более поздней версии
Обновление программного обеспечения (пакета thunderbird) до 1:68.5.0-1~deb10u1 или более поздней версии
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
Для программных продуктов Red Hat Inc.:
https://bugzilla.redhat.com/show_bug.cgi?id=1764443
Для ОС ОН «Стрелец»: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
Для ОС ОН «Стрелец»:
Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets
Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-11762
https://security-tracker.debian.org/tracker/CVE-2019-11762
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
https://bugzilla.redhat.com/show_bug.cgi?id=1764443
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-346
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Mozilla Corp., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), \u0434\u043e 70 (Firefox), \u0434\u043e 68.2 (Firefox ESR), \u0434\u043e 68.2 (Thunderbird), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 74.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Firefox-esr:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 68.6.0esr-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1:68.5.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 74.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr) \u0434\u043e 68.6.0esr-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.5.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1764443\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb: https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.01.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01406",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11762",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Firefox, Firefox ESR, Thunderbird, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0443 \u0434\u0432\u0443\u0445 \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-346)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0432\u044b\u0437\u043e\u0432\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0443 \u0434\u0432\u0443\u0445 \u043e\u0434\u0438\u043d\u0430\u043a\u043e\u0432\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-11762\nhttps://security-tracker.debian.org/tracker/CVE-2019-11762\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1764443\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-346",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
CNVD-2019-38481
Vulnerability from cnvd - Published: 2019-11-01
VLAI Severity ?
Title
Mozilla Firefox和Mozilla Firefox ESR资源管理错误漏洞(CNVD-2019-38481)
Description
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。
Mozilla Firefox 70之前版本和Mozilla Firefox ESR 68.2之前版本中存在安全漏洞。目前没有详细的漏洞细节提供。
Severity
中
Patch Name
Mozilla Firefox和Mozilla Firefox ESR资源管理错误漏洞(CNVD-2019-38481)的补丁
Patch Description
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。
Mozilla Firefox 70之前版本和Mozilla Firefox ESR 68.2之前版本中存在安全漏洞。目前没有详细的漏洞细节提供。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
Reference
https://vigilance.fr/vulnerability/Firefox-multiple-vulnerabilities-30691
Impacted products
| Name | ['Mozilla Firefox <70', 'Mozilla Firefox ESR <68.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-11762"
}
},
"description": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\n\nMozilla Firefox 70\u4e4b\u524d\u7248\u672c\u548cMozilla Firefox ESR 68.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-38481",
"openTime": "2019-11-01",
"patchDescription": "Mozilla Firefox\u548cMozilla Firefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4ea7\u54c1\u3002Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox(Web\u6d4f\u89c8\u5668)\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 70\u4e4b\u524d\u7248\u672c\u548cMozilla Firefox ESR 68.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u548cMozilla Firefox ESR\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-38481\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c70",
"Mozilla Firefox ESR \u003c68.2"
]
},
"referenceLink": "https://vigilance.fr/vulnerability/Firefox-multiple-vulnerabilities-30691",
"serverity": "\u4e2d",
"submitTime": "2019-10-24",
"title": "Mozilla Firefox\u548cMozilla Firefox ESR\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-38481\uff09"
}
FKIE_CVE-2019-11762
Vulnerability from fkie_nvd - Published: 2020-01-08 20:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EA7BDA-DA95-46FB-8568-E857D3479994",
"versionEndExcluding": "70.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19FED95C-5BAF-4E31-8F60-E51609BA3BDB",
"versionEndExcluding": "68.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE97332-80EC-4CDF-A18C-37CD645A8A12",
"versionEndExcluding": "68.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2."
},
{
"lang": "es",
"value": "Si dos documentos del mismo origen configuran a document.domain de manera diferente para convertirse en origen cruzado, es posible llamar arbitrariamente a DOM methods/getters/setters en la ventana ahora de origen cruzado. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versi\u00f3n 70, Thunderbird versiones anteriores a la versi\u00f3n 68.2 y Firefox ESR versiones anteriores a la versi\u00f3n 68.2."
}
],
"id": "CVE-2019-11762",
"lastModified": "2024-11-21T04:21:44.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T20:15:12.873",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4335-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4335-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CQ7G-RMCX-793W
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2023-02-01 15:30
VLAI?
Details
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-11762"
],
"database_specific": {
"cwe_ids": [
"CWE-346"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-08T20:15:00Z",
"severity": "MODERATE"
},
"details": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"id": "GHSA-cq7g-rmcx-793w",
"modified": "2023-02-01T15:30:23Z",
"published": "2022-05-24T17:05:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11762"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4335-1"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-11762
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-11762",
"description": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"id": "GSD-2019-11762",
"references": [
"https://www.suse.com/security/cve/CVE-2019-11762.html",
"https://www.debian.org/security/2019/dsa-4571",
"https://www.debian.org/security/2019/dsa-4549",
"https://access.redhat.com/errata/RHSA-2019:3756",
"https://access.redhat.com/errata/RHSA-2019:3281",
"https://access.redhat.com/errata/RHSA-2019:3237",
"https://access.redhat.com/errata/RHSA-2019:3210",
"https://access.redhat.com/errata/RHSA-2019:3196",
"https://access.redhat.com/errata/RHSA-2019:3193",
"https://ubuntu.com/security/CVE-2019-11762",
"https://advisories.mageia.org/CVE-2019-11762.html",
"https://security.archlinux.org/CVE-2019-11762",
"https://linux.oracle.com/cve/CVE-2019-11762.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-11762"
],
"details": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"id": "GSD-2019-11762",
"modified": "2023-12-13T01:24:00.317036Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-11762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "before 70"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "before 68.2"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "before 68.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "document.domain-based origin isolation has same-origin-property violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-35/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-33/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-34/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"name": "GLSA-202003-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"name": "USN-4335-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4335-1/"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-11762"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.2"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "70"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Thunderbird \u003c 68.2, Firefox \u003c 70, and Firefox ESR \u003c 68.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "document.domain-based origin isolation has same-origin-property violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "68.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "68.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "70.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2019-11762"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-35/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-34/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1582857"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2019-33/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"
},
{
"name": "GLSA-202003-10",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"name": "USN-4335-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4335-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-02-01T14:07Z",
"publishedDate": "2020-01-08T20:15Z"
}
}
}
OPENSUSE-SU-2019:2451-1
Vulnerability from csaf_opensuse - Published: 2019-11-09 11:20 - Updated: 2019-11-09 11:20Summary
Security update for MozillaFirefox, MozillaFirefox-branding-SLE
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox, MozillaFirefox-branding-SLE
Description of the patch: This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox:
Security issues fixed:
- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
- CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
- CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
- CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
- CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
- CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
- CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
- CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
- CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
Non-security issues fixed:
- Added Provides-line for translations-common (bsc#1153423) .
- Moved some settings from branding-package here (bsc#1153869).
- Disabled DoH by default.
Changes in MozillaFirefox-branding-SLE:
- Moved extensions preferences to core package (bsc#1153869).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2451
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:\n\nChanges in MozillaFirefox:\n\nSecurity issues fixed:\n\n- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).\n- CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).\n- CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).\n- CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).\n- CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).\n- CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).\n- CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).\n- CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).\n- CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).\n\nNon-security issues fixed:\n\n- Added Provides-line for translations-common (bsc#1153423) .\n- Moved some settings from branding-package here (bsc#1153869).\n- Disabled DoH by default.\n\nChanges in MozillaFirefox-branding-SLE:\n\n- Moved extensions preferences to core package (bsc#1153869).\n\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2451",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2451-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2451-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V6ZXQOV37FDUBMBAJGH2RCLCL55J6IYA/#V6ZXQOV37FDUBMBAJGH2RCLCL55J6IYA"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2451-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V6ZXQOV37FDUBMBAJGH2RCLCL55J6IYA/#V6ZXQOV37FDUBMBAJGH2RCLCL55J6IYA"
},
{
"category": "self",
"summary": "SUSE Bug 1104841",
"url": "https://bugzilla.suse.com/1104841"
},
{
"category": "self",
"summary": "SUSE Bug 1129528",
"url": "https://bugzilla.suse.com/1129528"
},
{
"category": "self",
"summary": "SUSE Bug 1137990",
"url": "https://bugzilla.suse.com/1137990"
},
{
"category": "self",
"summary": "SUSE Bug 1149429",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "self",
"summary": "SUSE Bug 1151186",
"url": "https://bugzilla.suse.com/1151186"
},
{
"category": "self",
"summary": "SUSE Bug 1153423",
"url": "https://bugzilla.suse.com/1153423"
},
{
"category": "self",
"summary": "SUSE Bug 1153869",
"url": "https://bugzilla.suse.com/1153869"
},
{
"category": "self",
"summary": "SUSE Bug 1154738",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11757 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11758 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11759 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11760 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11761 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11762 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11764 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
}
],
"title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE",
"tracking": {
"current_release_date": "2019-11-09T11:20:57Z",
"generator": {
"date": "2019-11-09T11:20:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2451-1",
"initial_release_date": "2019-11-09T11:20:57Z",
"revision_history": [
{
"date": "2019-11-09T11:20:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"product_id": "MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"product_id": "MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64",
"product": {
"name": "firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64",
"product_id": "firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
},
"product_reference": "firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11757"
}
],
"notes": [
{
"category": "general",
"text": "When following the value\u0027s prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11757",
"url": "https://www.suse.com/security/cve/CVE-2019-11757"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11757",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11757"
},
{
"cve": "CVE-2019-11758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11758"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11758",
"url": "https://www.suse.com/security/cve/CVE-2019-11758"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11758",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11758"
},
{
"cve": "CVE-2019-11759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11759"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11759",
"url": "https://www.suse.com/security/cve/CVE-2019-11759"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11759",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11759"
},
{
"cve": "CVE-2019-11760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11760"
}
],
"notes": [
{
"category": "general",
"text": "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11760",
"url": "https://www.suse.com/security/cve/CVE-2019-11760"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11760",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11760"
},
{
"cve": "CVE-2019-11761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11761"
}
],
"notes": [
{
"category": "general",
"text": "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11761",
"url": "https://www.suse.com/security/cve/CVE-2019-11761"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11761",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11761"
},
{
"cve": "CVE-2019-11762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11762"
}
],
"notes": [
{
"category": "general",
"text": "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11762",
"url": "https://www.suse.com/security/cve/CVE-2019-11762"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11762",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11762"
},
{
"cve": "CVE-2019-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11763"
}
],
"notes": [
{
"category": "general",
"text": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11763",
"url": "https://www.suse.com/security/cve/CVE-2019-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11763",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11763"
},
{
"cve": "CVE-2019-11764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11764"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 70, Thunderbird \u003c 68.2, and Firefox ESR \u003c 68.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11764",
"url": "https://www.suse.com/security/cve/CVE-2019-11764"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-11764",
"url": "https://bugzilla.suse.com/1154738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-11764"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:MozillaFirefox-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-openSUSE-68-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-devel-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-common-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:MozillaFirefox-translations-other-68.2.0-lp151.2.18.2.x86_64",
"openSUSE Leap 15.1:firefox-esr-branding-openSUSE-68-lp151.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-09T11:20:57Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…