Multiple vulnerabilities in Mozilla Firefox

Описание

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Incorrectly image loading vulnerability in Mozilla Firefox can be exploited remotely via specially designed website to obtain sensitive information
2. Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service;
3. Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service;
4. Use-after-free vulnerability in SFTKSession object can be exploited remotely via specially designed website to cause denial of service;
5. Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions;
6. Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service;
7. Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;
8. Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service;
9. Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;

Первичный источник обнаружения

• mfsa2019-36
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Mozilla-Firefox

Список CVE

• CVE-2019-17014
  high
• CVE-2019-17012
  critical
• CVE-2019-17010
  critical
• CVE-2019-17013
  critical
• CVE-2019-13722
  high
• CVE-2019-11756
  critical
• CVE-2019-17009
  critical
• CVE-2019-17011
  critical
• CVE-2019-17005
  critical
• CVE-2019-17008
  critical
• CVE-2019-11745
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com