Packages
- firefox - Mozilla Open Source web browser
Details
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746,
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to obtain sensitive information, bypass Content
Security Policy (CSP) protections, bypass same-origin restrictions,
conduct cross-site scripting (XSS) attacks, cause a denial of service, or
execute arbitrary code. (CVE-2019-5849, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742,
CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748,
CVE-2019-11749, CVE-2019-11750, CVE-2019-11752)
It was discovered that a compromised content process could log in to a
malicious Firefox Sync account. An attacker could potentially exploit
this, in combination with another vulnerability, to disable the sandbox.
(CVE-2019-9812)
It was discovered that addons.mozilla.org and accounts.firefox.com could
be loaded in to the same content process. An attacker could potentially
exploit this, in combination with another vulnerability that allowed a
cross-site scripting (XSS) attack, to modify browser settings.
(CVE-2019-11741)
It was discovered that the "Forget about this site" feature in the history
pane removes HTTP Strict Transport Security (HSTS) settings for sites on
the pre-load list. An attacker could potentially exploit this to bypass
the protections offered by HSTS. (CVE-2019-11747)
Update instructions
After a standard system update you need to restart Firefox to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
19.04 disco | firefox – 69.0+build2-0ubuntu0.19.04.1 | ||
18.04 bionic | firefox – 69.0+build2-0ubuntu0.18.04.1 | ||
16.04 xenial | firefox – 69.0+build2-0ubuntu0.16.04.4 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2019-9812
- CVE-2019-5849
- CVE-2019-11752
- CVE-2019-11750
- CVE-2019-11749
- CVE-2019-11748
- CVE-2019-11747
- CVE-2019-11746
- CVE-2019-11744
- CVE-2019-11743
- CVE-2019-9812
- CVE-2019-5849
- CVE-2019-11752
- CVE-2019-11750
- CVE-2019-11749
- CVE-2019-11748
- CVE-2019-11747
- CVE-2019-11746
- CVE-2019-11744
- CVE-2019-11743
- CVE-2019-11742
- CVE-2019-11741
- CVE-2019-11740
- CVE-2019-11738
- CVE-2019-11737
- CVE-2019-11735
- CVE-2019-11734