Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 688332 (CVE-2019-11707, CVE-2019-11708, MFSA-2019-18, MFSA-2019-19) - <www-client/firefox{,-bin}-{60.7.2,67.0.4}: multiple vulnerabilities (MFSA-2019-{18,19})
Summary: <www-client/firefox{,-bin}-{60.7.2,67.0.4}: multiple vulnerabilities (MFSA-20...
Status: RESOLVED FIXED
Alias: CVE-2019-11707, CVE-2019-11708, MFSA-2019-18, MFSA-2019-19
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-18 22:36 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-15 15:53 UTC (History)
4 users (show)

See Also:
Package list:
www-client/firefox-60.7.2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-06-18 22:36:09 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-06-18 22:39:36 UTC
CVE-2019-11707: Type confusion in Array.pop

Impact
  critical

Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-06-19 00:02:20 UTC
x86 stable
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-06-19 02:09:40 UTC
arm64 stable
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-06-20 09:18:41 UTC
amd64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2019-06-20 17:57:43 UTC
Adding

CVE-2019-11708: sandbox escape using Prompt:Open

Impact
    high

Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.
Comment 6 Larry the Git Cow gentoo-dev 2019-06-20 18:11:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfaaac74d8b5e759edb8bd746f23966e8831ccec

commit dfaaac74d8b5e759edb8bd746f23966e8831ccec
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:08:27 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:59 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              | 553 -----------------------
 www-client/firefox/firefox-60.7.0.ebuild | 436 ------------------
 www-client/firefox/firefox-60.7.1.ebuild | 436 ------------------
 www-client/firefox/firefox-66.0.5.ebuild | 746 ------------------------------
 www-client/firefox/firefox-67.0.2.ebuild | 752 -------------------------------
 www-client/firefox/firefox-67.0.3.ebuild | 752 -------------------------------
 www-client/firefox/firefox-67.0.ebuild   | 752 -------------------------------
 7 files changed, 4427 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=402ec142ca95ea111f0523102a23db9a0338da62

commit 402ec142ca95ea111f0523102a23db9a0338da62
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:07:20 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:58 +0000

    www-client/firefox: bump to v67.0.4
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              |  92 ++++
 www-client/firefox/firefox-67.0.4.ebuild | 752 +++++++++++++++++++++++++++++++
 2 files changed, 844 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b16a52dc3814c061d51e1d81ee5258e3ef81a1d

commit 8b16a52dc3814c061d51e1d81ee5258e3ef81a1d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:03:21 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:57 +0000

    www-client/firefox: bump to v60.7.2
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              |  92 +++++++
 www-client/firefox/firefox-60.7.2.ebuild | 436 +++++++++++++++++++++++++++++++
 2 files changed, 528 insertions(+)
Comment 7 Thomas Deutschmann gentoo-dev Security 2019-06-20 18:11:58 UTC
New GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 15:53:09 UTC
This issue was resolved and addressed in
 GLSA 201908-12 at https://security.gentoo.org/glsa/201908-12
by GLSA coordinator Aaron Bauman (b-man).