SB2020010708 - Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Published: January 7, 2020 Updated: January 8, 2020
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Code Injection (CVE-ID: CVE-2019-17016)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation: when pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites, resulting in data exfiltration.
2) Type Confusion (CVE-ID: CVE-2019-17017)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing HTML content in XPCVariant.cpp. A remote attacker can create a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Information disclosure (CVE-ID: CVE-2019-17018)
The vulnerability allows a local user to gain access to potentially sensitive information.
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. As a result, a local user can gain access to data used during Private Browsing Mode.
4) Reliance on Untrusted Inputs in a Security Decision (CVE-ID: CVE-2019-17019)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect processing of Python scripts. When Python is installed on a Windows operating system, a Python file served with the MIME type text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download.
5) Buffer overflow (CVE-ID: CVE-2019-17015)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error during the initialization of a new content process. A remote attacker can create a specially crafted web site, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note, the vulnerability affects Windows users only.
6) Improperly implemented security check for standard (CVE-ID: CVE-2019-17020)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect implementation of Content Security Policy that is not enforced for XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.
Successful exploitation of the vulnerability may allow an attacker to bypass security restrictions that rely on Content Security Policy and perform dangerous actions.
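To gauge exposure to the CSP bypass described above, the following added example (not part of the original bulletin or of Mozilla's code) audits a site's own responses for XML documents that send a Content-Security-Policy header and also apply a non-CSS stylesheet through an xml-stylesheet processing instruction. The response tuples, host names and the choice to treat every non-CSS stylesheet type as XSL are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

PI_RE = re.compile(r"<\?xml-stylesheet\s+(.*?)\?>", re.S)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
ROOT_RE = re.compile(r"<[A-Za-z_:]")        # start tag of the root element
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)

def stylesheet_pis(xml_text):
    """Return the pseudo-attributes of each xml-stylesheet PI in the prolog."""
    text = COMMENT_RE.sub("", xml_text)      # ignore commented-out PIs
    root = ROOT_RE.search(text)
    prolog = text[:root.start()] if root else text
    return [{m.group(1): m.group(2) or m.group(3) or ""
             for m in ATTR_RE.finditer(pi.group(1))}
            for pi in PI_RE.finditer(prolog)]

def audit(responses):
    """Flag XML responses that rely on CSP yet apply a non-CSS stylesheet."""
    findings = []
    for url, headers, body in responses:
        hdrs = {k.lower(): v for k, v in headers.items()}
        if "xml" not in hdrs.get("content-type", "").lower():
            continue
        if "content-security-policy" not in hdrs:
            continue                          # no policy for the sheet to escape
        for attrs in stylesheet_pis(body):
            # Assumption: anything that is not plain CSS is treated as XSL.
            if attrs.get("type", "").strip().lower() == "text/css":
                continue
            if "href" not in attrs:
                continue
            target = urljoin(url, attrs["href"])
            same = urlsplit(target)[:2] == urlsplit(url)[:2]
            findings.append((url, target, "same-origin" if same else "cross-origin"))
    return findings

SAMPLE = [  # constructed responses: (url, headers, body)
    ("https://app.example/feed.xml",
     {"Content-Type": "application/xml", "Content-Security-Policy": "script-src 'none'"},
     '<?xml version="1.0"?>\n<?xml-stylesheet type="text/xsl" href="//cdn.example/feed.xsl"?>\n<feed/>'),
    ("https://app.example/doc.xml",
     {"Content-Type": "text/xml", "Content-Security-Policy": "default-src 'self'"},
     '<?xml-stylesheet type="text/css" href="doc.css"?><doc/>'),
    ("https://app.example/raw.xml", {"Content-Type": "text/xml"},
     '<?xml-stylesheet type="text/xsl" href="raw.xsl"?><raw/>'),
]
```

Each finding names a document whose policy should be re-checked against what the referenced stylesheet does until the browser update is deployed.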
7) Race condition (CVE-ID: CVE-2019-17021)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition that occurs during the initialization of a new content process. A remote attacker can exploit the race to gain access to potentially sensitive information, such as heap addresses from the parent process.
Note, this vulnerability affects Windows users only.
8) Cross-site scripting (CVE-ID: CVE-2019-17022)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the CSS sanitizer. When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. If a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.
9) Algorithm Downgrade (CVE-ID: CVE-2019-17023)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to insecure negotiation after a HelloRetryRequest in Mozilla NSS, which can lead to selection of a less secure protocol (e.g. TLS 1.2 or below) after the TLS 1.3 HelloRetryRequest is sent.
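The check that prevents this kind of downgrade is the RFC 8446 rule that the version selected in a HelloRetryRequest must be retained in the ServerHello that follows. The added example below (not NSS code and not part of the original bulletin) parses ServerHello bodies and enforces that rule; the function names and the messages produced by build_hello are constructed for illustration.

```python
import struct

# ServerHello.random value that marks a HelloRetryRequest (RFC 8446, 4.1.3)
HRR_RANDOM = bytes.fromhex(
    "cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c")
SUPPORTED_VERSIONS = 43  # extension type that carries the selected version

def parse_hello(body):
    """Return (is_hrr, version) for one ServerHello/HelloRetryRequest body."""
    version, = struct.unpack_from("!H", body, 0)  # legacy_version as fallback
    # Skip legacy_version, random, session_id_echo, cipher_suite, compression.
    pos = 35 + body[34] + 3
    if pos < len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if end != len(body):
            raise ValueError("decode_error: bad extensions length")
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > end:
                raise ValueError("decode_error: truncated extension")
            if ext_type == SUPPORTED_VERSIONS and ext_len == 2:
                version, = struct.unpack_from("!H", body, pos)
            pos += ext_len
    return body[2:34] == HRR_RANDOM, version

def negotiated_version(hellos):
    """Walk the server's hello messages in order and return the version,
    raising if it differs from the one selected in a HelloRetryRequest."""
    hrr_version = None
    for body in hellos:
        is_hrr, version = parse_hello(body)
        if not is_hrr:
            if hrr_version is not None and version != hrr_version:
                raise ValueError("illegal_parameter: version changed after HRR")
            return version
        if hrr_version is not None:
            raise ValueError("unexpected_message: second HelloRetryRequest")
        hrr_version = version
    raise ValueError("no ServerHello received")

def build_hello(random, selected=None, legacy=0x0303):
    """Constructed sample message body (not captured traffic)."""
    ext = b""
    if selected is not None:
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, selected)
    return (struct.pack("!H", legacy) + random + b"\x00\x13\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
```

A plain TLS 1.2 ServerHello with no preceding HelloRetryRequest is still accepted; only a version change after the retry is rejected.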
10) Buffer overflow (CVE-ID: CVE-2019-17024)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Buffer overflow (CVE-ID: CVE-2019-17025)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install update from vendor's website.