Description:
Summary: Mozilla Firefox is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- Memory safety bugs.
- Multiple use-after-free errors.
- A same-origin policy violation.
- Sandbox escape through Firefox Sync.
- A compromised sandboxed content process.
- Navigation events were not fully adhering to the W3C's 'Navigation-Timing Level 2' draft specification in some instances for the unload event.
- A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints.
- An out-of-bounds read vulnerability exists in the Skia graphics library.
- A type confusion vulnerability exists in SpiderMonkey.
- Content security policy directives ignore port and path if the host is a wildcard.
- Content security policy bypass through hash-based sources in directives.
- 'Forget about this site' removes sites from pre-loaded HSTS list.
Vulnerability Impact: Successful exploitation allows attackers to cause a denial of service, escalate privileges, conduct cross-site scripting attacks and disclose sensitive information.
Affected Software/OS: Mozilla Firefox version before 69 on Mac OS X.
Solution: Upgrade to Mozilla Firefox version 69 or later. Please see the references for more information.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C