Test ID:	1.3.6.1.4.1.25623.1.0.815004
Category:	General
Title:	Mozilla Firefox ESR Security Advisories (MFSA2019-06, MFSA2019-08) - Windows
Summary:	Mozilla Firefox ESR is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An Use-after-free error when removing in-use DOM elements. - Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey. - An error in IonMonkey just-in-time (JIT) compiler. - An improper bounds checks when Spectre mitigations are disabled. - Command line arguments not discarded during execution. - A type-confusion error in IonMonkey JIT compiler. - An use-after-free error with SMIL animation controller. - Windows programs that are not 'URL Handlers' are exposed to web content. - Memory safety bugs. Vulnerability Impact: Successful exploitation allows attackers to run arbitrary code, crash the system and bypass security restrictions. Affected Software/OS: Mozilla Firefox ESR version before 60.6 on Windows. Solution: Update to Mozilla Firefox ESR version 60.6 or later. Please see the references for more information. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9790 https://bugzilla.mozilla.org/show_bug.cgi?id=1525145 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/ https://www.mozilla.org/security/advisories/mfsa2019-11/ RedHat Security Advisories: RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966 RedHat Security Advisories: RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144 Common Vulnerability Exposure (CVE) ID: CVE-2019-9791 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 Common Vulnerability Exposure (CVE) ID: CVE-2019-9792 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 Common Vulnerability Exposure (CVE) ID: CVE-2019-9793 https://bugzilla.mozilla.org/show_bug.cgi?id=1528829 Common Vulnerability Exposure (CVE) ID: CVE-2019-9794 https://bugzilla.mozilla.org/show_bug.cgi?id=1530103 Common Vulnerability Exposure (CVE) ID: CVE-2019-9795 https://bugzilla.mozilla.org/show_bug.cgi?id=1514682 Common Vulnerability Exposure (CVE) ID: CVE-2019-9796 https://bugzilla.mozilla.org/show_bug.cgi?id=1531277 Common Vulnerability Exposure (CVE) ID: CVE-2019-9801 https://bugzilla.mozilla.org/show_bug.cgi?id=1527717 Common Vulnerability Exposure (CVE) ID: CVE-2018-1850 http://www.securitytracker.com/id/1042036 XForce ISS Database: ibm-sam-cve20181850-auth-bypass(150998) https://exchange.xforce.ibmcloud.com/vulnerabilities/150998 Common Vulnerability Exposure (CVE) ID: CVE-2019-9788 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.