General : Mozilla Firefox ESR Security Advisories - 1 - (MFSA2019-25, MFSA2019-27)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.815452

Category: General

Title: Mozilla Firefox ESR Security Advisories - 1 - (MFSA2019-25, MFSA2019-27) - Mac OS X

Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities.

Description: Summary:
Mozilla Firefox ESR is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Multiple use-after-free errors.

- A same-origin policy violation.

- Sandbox escape through Firefox Sync.

- Navigation events were not fully adhering to the W3C's 'Navigation-Timing Level 2'
draft specification in some instances for the unload event.

- Some HTML elements, such as and <textarea>, can contain literal angle<br> brackets without treating them as markup.<br><br> - Memory safety bugs.<br><br>Vulnerability Impact:<br>Successful exploitation allows attackers to<br> cause denial of service, escalate privileges, conduct cross site scripting<br> attacks and disclose sensitive information.<br><br>Affected Software/OS:<br>Mozilla Firefox ESR version before<br> 60.9 on Mac OS X.<br><br>Solution:<br>Upgrade to Mozilla Firefox ESR version 60.9<br> or later. Please see the references for more information.<br><br>CVSS Score:<br>9.3<br><br>CVSS Vector:<br>AV:N/AC:M/Au:N/C:C/I:C/A:C<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11746">Common Vulnerability Exposure (CVE) ID: CVE-2019-11746</a><br> <a href="https://security.gentoo.org/glsa/201911-07">https://security.gentoo.org/glsa/201911-07</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1564449">https://bugzilla.mozilla.org/show_bug.cgi?id=1564449</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2248&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2248 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2249&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2249 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2251&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2260&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html</a><br> <a href="https://usn.ubuntu.com/4150-1/">https://usn.ubuntu.com/4150-1/</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11744">Common Vulnerability Exposure (CVE) ID: CVE-2019-11744</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1562033">https://bugzilla.mozilla.org/show_bug.cgi?id=1562033</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11742">Common Vulnerability Exposure (CVE) ID: CVE-2019-11742</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1559715">https://bugzilla.mozilla.org/show_bug.cgi?id=1559715</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11740">Common Vulnerability Exposure (CVE) ID: CVE-2019-11740</a><br> <a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160">https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11752">Common Vulnerability Exposure (CVE) ID: CVE-2019-11752</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1501152">https://bugzilla.mozilla.org/show_bug.cgi?id=1501152</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-9812">Common Vulnerability Exposure (CVE) ID: CVE-2019-9812</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1538015">https://bugzilla.mozilla.org/show_bug.cgi?id=1538015</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11743">Common Vulnerability Exposure (CVE) ID: CVE-2019-11743</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1560495">https://bugzilla.mozilla.org/show_bug.cgi?id=1560495</a><br> <a href="https://w3c.github.io/navigation-timing">https://w3c.github.io/navigation-timing</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2019 Greenbone AG</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>

Test ID:	1.3.6.1.4.1.25623.1.0.815452
Category:	General
Title:	Mozilla Firefox ESR Security Advisories - 1 - (MFSA2019-25, MFSA2019-27) - Mac OS X
Summary:	Mozilla Firefox ESR is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Multiple use-after-free errors. - A same-origin policy violation. - Sandbox escape through Firefox Sync. - Navigation events were not fully adhering to the W3C's 'Navigation-Timing Level 2' draft specification in some instances for the unload event. - Some HTML elements, such as and <textarea>, can contain literal angle<br> brackets without treating them as markup.<br><br> - Memory safety bugs.<br><br>Vulnerability Impact:<br>Successful exploitation allows attackers to<br> cause denial of service, escalate privileges, conduct cross site scripting<br> attacks and disclose sensitive information.<br><br>Affected Software/OS:<br>Mozilla Firefox ESR version before<br> 60.9 on Mac OS X.<br><br>Solution:<br>Upgrade to Mozilla Firefox ESR version 60.9<br> or later. Please see the references for more information.<br><br>CVSS Score:<br>9.3<br><br>CVSS Vector:<br>AV:N/AC:M/Au:N/C:C/I:C/A:C<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11746">Common Vulnerability Exposure (CVE) ID: CVE-2019-11746</a><br> <a href="https://security.gentoo.org/glsa/201911-07">https://security.gentoo.org/glsa/201911-07</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1564449">https://bugzilla.mozilla.org/show_bug.cgi?id=1564449</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2248&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2248 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2249&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2249 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2251&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2019:2260&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html</a><br> <a href="https://usn.ubuntu.com/4150-1/">https://usn.ubuntu.com/4150-1/</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11744">Common Vulnerability Exposure (CVE) ID: CVE-2019-11744</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1562033">https://bugzilla.mozilla.org/show_bug.cgi?id=1562033</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11742">Common Vulnerability Exposure (CVE) ID: CVE-2019-11742</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1559715">https://bugzilla.mozilla.org/show_bug.cgi?id=1559715</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11740">Common Vulnerability Exposure (CVE) ID: CVE-2019-11740</a><br> <a href="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160">https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11752">Common Vulnerability Exposure (CVE) ID: CVE-2019-11752</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1501152">https://bugzilla.mozilla.org/show_bug.cgi?id=1501152</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-9812">Common Vulnerability Exposure (CVE) ID: CVE-2019-9812</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1538015">https://bugzilla.mozilla.org/show_bug.cgi?id=1538015</a><br> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2019-11743">Common Vulnerability Exposure (CVE) ID: CVE-2019-11743</a><br> <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1560495">https://bugzilla.mozilla.org/show_bug.cgi?id=1560495</a><br> <a href="https://w3c.github.io/navigation-timing">https://w3c.github.io/navigation-timing</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2019 Greenbone AG</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>