Firefox 69 Patches Critical Code Execution Flaw

Mozilla this week released Firefox 69 in the stable channel with patches for 20 vulnerabilities, including one code execution bug rated Critical severity.


The flaw exists because logging-related command line parameters are not properly sanitized when Firefox is launched by another program, as normally happens when, for example, the user clicks on a link in a chat application.

An attacker looking to exploit the vulnerability could create malicious links that would be used to write a log file to an arbitrary location, such as the Windows ‘Startup’ folder. Tracked as CVE-2019-11751, the vulnerability only affects Firefox on Windows operating systems.

“Successful exploitation […] could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Center for Internet Security (CIS) notes in an advisory.

CIS also assesses that these vulnerabilities represent a high risk to large and medium-sized government/business entities, but that they have only a medium impact on small government/business entities.

Firefox 69 also addresses 11 High severity vulnerabilities, 5 Medium risk bugs, and 3 Low severity flaws.

High severity issues addressed in this browser iteration include CVE-2019-11746 (a use-after-free that can occur while manipulating video elements), CVE-2019-11744 (Cross-Site Scripting resulting from some HTML elements containing literal angle brackets that are not treated as markup), and CVE-2019-11752 (a use-after-free that can occur when an IndexedDB key value is deleted and an attempt is then made to extract it during conversion).

Other flaws include a same-origin policy violation (CVE-2019-11742) allowing the theft of cross-origin images; a file manipulation and privilege escalation in Mozilla Maintenance Service (CVE-2019-11736); and privilege escalation with Mozilla Maintenance Service in a custom Firefox installation location (CVE-2019-11753).


Mozilla also addressed a sandbox escape through Firefox Sync (CVE-2019-9812) and isolated addons.mozilla.org and accounts.firefox.com into their own process, to prevent malicious manipulation (CVE-2019-11741).

The remaining High severity issues are memory safety bugs, some of which were also found to impact Firefox ESR 68.1 (CVE-2019-11735) or both Firefox ESR 68.1 and Firefox ESR 60.9 (CVE-2019-11740). CVE-2019-11734 only impacts Firefox 68.

Medium risk vulnerabilities addressed in this browser iteration are CVE-2019-11743 (cross-origin access to unload event attributes), CVE-2019-11748 (persistence of WebRTC permissions in a third-party context), CVE-2019-11749 (camera information available without prompting using getUserMedia), CVE-2019-5849 (out-of-bounds read in Skia), and CVE-2019-11750 (type confusion in SpiderMonkey).

The three Low severity issues are CVE-2019-11737 (content security policy directives ignore port and path if host is a wildcard), CVE-2019-11738 (content security policy bypass through hash-based sources in directives), and CVE-2019-11747 (‘Forget about this site’ removes sites from pre-loaded HSTS list).


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
