usn-3918-2
Vulnerability from osv_ubuntu
Published
2019-03-25 14:13
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807, CVE-2019-9808, CVE-2019-9809)

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)

It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2019-9788",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "negligible",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9789",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9790",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9791",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9792",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9793",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9795",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9796",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9797",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9799",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9802",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9803",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9805",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9806",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9807",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9808",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9809",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "66.0.1+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "66.0.1+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "66.0.1+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "66.0.1+build1-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@66.0.1+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "66.0.1+build1-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1",
        "39.0+build5-0ubuntu0.14.04.1",
        "39.0.3+build2-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.4",
        "40.0.3+build1-0ubuntu0.14.04.1",
        "41.0+build3-0ubuntu0.14.04.1",
        "41.0.1+build2-0ubuntu0.14.04.1",
        "41.0.2+build2-0ubuntu0.14.04.1",
        "42.0+build2-0ubuntu0.14.04.1",
        "43.0+build1-0ubuntu0.14.04.1",
        "43.0.4+build3-0ubuntu0.14.04.1",
        "44.0+build3-0ubuntu0.14.04.1",
        "44.0.1+build2-0ubuntu0.14.04.1",
        "44.0.2+build1-0ubuntu0.14.04.1",
        "45.0+build2-0ubuntu0.14.04.1",
        "45.0.1+build1-0ubuntu0.14.04.2",
        "45.0.2+build1-0ubuntu0.14.04.1",
        "46.0+build5-0ubuntu0.14.04.2",
        "46.0.1+build1-0ubuntu0.14.04.3",
        "47.0+build3-0ubuntu0.14.04.1",
        "48.0+build2-0ubuntu0.14.04.1",
        "49.0+build4-0ubuntu0.14.04.1",
        "49.0.2+build2-0ubuntu0.14.04.1",
        "50.0+build2-0ubuntu0.14.04.2",
        "50.0.2+build1-0ubuntu0.14.04.1",
        "50.1.0+build2-0ubuntu0.14.04.1",
        "51.0.1+build2-0ubuntu0.14.04.1",
        "51.0.1+build2-0ubuntu0.14.04.2",
        "52.0+build2-0ubuntu0.14.04.1",
        "52.0.1+build2-0ubuntu0.14.04.1",
        "52.0.2+build1-0ubuntu0.14.04.1",
        "53.0+build6-0ubuntu0.14.04.1",
        "53.0.2+build1-0ubuntu0.14.04.2",
        "53.0.3+build1-0ubuntu0.14.04.2",
        "54.0+build3-0ubuntu0.14.04.1",
        "55.0.1+build2-0ubuntu0.14.04.2",
        "55.0.2+build1-0ubuntu0.14.04.1",
        "56.0+build6-0ubuntu0.14.04.1",
        "56.0+build6-0ubuntu0.14.04.2",
        "57.0+build4-0ubuntu0.14.04.4",
        "57.0+build4-0ubuntu0.14.04.5",
        "57.0.1+build2-0ubuntu0.14.04.1",
        "57.0.3+build1-0ubuntu0.14.04.1",
        "57.0.4+build1-0ubuntu0.14.04.1",
        "58.0+build6-0ubuntu0.14.04.1",
        "58.0.1+build1-0ubuntu0.14.04.1",
        "58.0.2+build1-0ubuntu0.14.04.1",
        "59.0+build5-0ubuntu0.14.04.1",
        "59.0.1+build1-0ubuntu0.14.04.1",
        "59.0.2+build1-0ubuntu0.14.04.1",
        "59.0.2+build1-0ubuntu0.14.04.4",
        "60.0+build2-0ubuntu0.14.04.1",
        "60.0.1+build2-0ubuntu0.14.04.1",
        "60.0.2+build1-0ubuntu0.14.04.1",
        "61.0+build3-0ubuntu0.14.04.2",
        "61.0.1+build1-0ubuntu0.14.04.1",
        "62.0+build2-0ubuntu0.14.04.3",
        "62.0+build2-0ubuntu0.14.04.4",
        "62.0+build2-0ubuntu0.14.04.5",
        "62.0.3+build1-0ubuntu0.14.04.2",
        "63.0+build2-0ubuntu0.14.04.2",
        "63.0.3+build1-0ubuntu0.14.04.1",
        "64.0+build3-0ubuntu0.14.04.1",
        "65.0+build2-0ubuntu0.14.04.1",
        "65.0.1+build2-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "USN-3918-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding updates for Ubuntu 14.04 LTS.\n\nOriginal advisory details:\n\n Multiple security issues were discovered in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit these to cause a denial of service via application\n crash, denial of service via successive FTP authorization prompts or modal\n alerts, trick the user with confusing permission request prompts, obtain\n sensitive information, conduct social engineering attacks, or execute\n arbitrary code. (CVE-2019-9788, CVE-2019-9789, CVE-2019-9790,\n CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9797,\n CVE-2019-9799, CVE-2019-9802, CVE-2019-9805, CVE-2019-9806, CVE-2019-9807,\n CVE-2019-9808, CVE-2019-9809)\n \n A mechanism was discovered that removes some bounds checking for string,\n array, or typed array accesses if Spectre mitigations have been disabled.\n If a user were tricked in to opening a specially crafted website with\n Spectre mitigations disabled, an attacker could potentially exploit this\n to cause a denial of service, or execute arbitrary code. (CVE-2019-9793)\n \n It was discovered that Upgrade-Insecure-Requests was incorrectly enforced\n for same-origin navigation. An attacker could potentially exploit this to\n conduct machine-in-the-middle (MITM) attacks. (CVE-2019-9803)\n",
  "id": "USN-3918-2",
  "modified": "2026-04-22T07:36:36Z",
  "published": "2019-03-25T14:13:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3918-2"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9788"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9789"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9790"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9791"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9792"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9793"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9795"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9796"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9797"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9799"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9802"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9803"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9805"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9806"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9807"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9808"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9809"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2019-9788",
    "UBUNTU-CVE-2019-9789",
    "UBUNTU-CVE-2019-9790",
    "UBUNTU-CVE-2019-9791",
    "UBUNTU-CVE-2019-9792",
    "UBUNTU-CVE-2019-9793",
    "UBUNTU-CVE-2019-9795",
    "UBUNTU-CVE-2019-9796",
    "UBUNTU-CVE-2019-9797",
    "UBUNTU-CVE-2019-9799",
    "UBUNTU-CVE-2019-9802",
    "UBUNTU-CVE-2019-9803",
    "UBUNTU-CVE-2019-9805",
    "UBUNTU-CVE-2019-9806",
    "UBUNTU-CVE-2019-9807",
    "UBUNTU-CVE-2019-9808",
    "UBUNTU-CVE-2019-9809"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…