SB2019091320 - Improper validation of integrity check value in firefox-esr (Alpine package)
Published: September 13, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper validation of integrity check value (CVE-ID: CVE-2019-11753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the Mozilla Maintenance Service does not check the integrity of binary files that were installed into a custom and unprotected folder on the system. A local user can manipulate the Mozilla Maintenance Service to update this unprotected location and escalate privileges on the system.
Note: the vulnerability affects Windows installations only.
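A defender's check for the "custom and unprotected folder" condition described above, added here as an example that is not part of the original bulletin or of Mozilla's code: it lists ACL entries that grant write-type access on an install folder and its binaries to principals other than SYSTEM, Administrators and TrustedInstaller. The path `D:\Apps\Firefox` is a constructed placeholder and `Get-WeakAce` is a hypothetical helper name.

```powershell
# Added example: list ACL entries that let non-administrative principals
# change files in a Firefox install directory and its binaries.
param(
    # Assumption: constructed sample path; pass the real custom install folder.
    [string]$InstallDir = 'D:\Apps\Firefox'
)

$R = [System.Security.AccessControl.FileSystemRights]
# Specific bits that permit adding, replacing or re-permissioning files.
# Testing against Modify or FullControl as a whole would also match read-only ACEs.
$writeBits = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
                   $R::TakeOwnership)
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in ACEs.
$genericBits = 0x40000000 -bor 0x10000000

# Well-known SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

function Get-WeakAce {   # hypothetical helper name
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeBits) -or ($rights -band $genericBits)) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the folder itself, then every executable and DLL beneath it.
$binaries = Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } | ForEach-Object { $_.FullName }
$findings = @($InstallDir) + @($binaries) | ForEach-Object { Get-WeakAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize }
else { "No non-admin write access found under $InstallDir" }
```

Entries for CREATOR OWNER (S-1-3-0) are reported as well; they apply to whoever creates a file in the folder and should be reviewed together with the other entries.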
Remediation
Install the update from the vendor's website.