Comment 1 Thomas Deutschmann (RETIRED) 2019-06-18 22:39:36 UTC

CVE-2019-11707: Type confusion in Array.pop

Impact
  critical

Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

Comment 2 Thomas Deutschmann (RETIRED) 2019-06-19 00:02:20 UTC

x86 stable

Comment 3 Aaron Bauman (RETIRED) 2019-06-19 02:09:40 UTC

arm64 stable

Comment 4 Mikle Kolyada (RETIRED) 2019-06-20 09:18:41 UTC

amd64 stable

Comment 5 Thomas Deutschmann (RETIRED) 2019-06-20 17:57:43 UTC

Adding

CVE-2019-11708: sandbox escape using Prompt:Open

Impact
    high

Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

Comment 6 Larry the Git Cow 2019-06-20 18:11:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfaaac74d8b5e759edb8bd746f23966e8831ccec

commit dfaaac74d8b5e759edb8bd746f23966e8831ccec
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:08:27 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:59 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              | 553 -----------------------
 www-client/firefox/firefox-60.7.0.ebuild | 436 ------------------
 www-client/firefox/firefox-60.7.1.ebuild | 436 ------------------
 www-client/firefox/firefox-66.0.5.ebuild | 746 ------------------------------
 www-client/firefox/firefox-67.0.2.ebuild | 752 -------------------------------
 www-client/firefox/firefox-67.0.3.ebuild | 752 -------------------------------
 www-client/firefox/firefox-67.0.ebuild   | 752 -------------------------------
 7 files changed, 4427 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=402ec142ca95ea111f0523102a23db9a0338da62

commit 402ec142ca95ea111f0523102a23db9a0338da62
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:07:20 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:58 +0000

    www-client/firefox: bump to v67.0.4
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              |  92 ++++
 www-client/firefox/firefox-67.0.4.ebuild | 752 +++++++++++++++++++++++++++++++
 2 files changed, 844 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b16a52dc3814c061d51e1d81ee5258e3ef81a1d

commit 8b16a52dc3814c061d51e1d81ee5258e3ef81a1d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-06-20 18:03:21 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-06-20 18:10:57 +0000

    www-client/firefox: bump to v60.7.2
    
    Bug: https://bugs.gentoo.org/688332
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              |  92 +++++++
 www-client/firefox/firefox-60.7.2.ebuild | 436 +++++++++++++++++++++++++++++++
 2 files changed, 528 insertions(+)

Comment 7 Thomas Deutschmann (RETIRED) 2019-06-20 18:11:58 UTC

New GLSA request filed.

Comment 8 GLSAMaker/CVETool Bot 2019-08-15 15:53:09 UTC

This issue was resolved and addressed in
 GLSA 201908-12 at https://security.gentoo.org/glsa/201908-12
by GLSA coordinator Aaron Bauman (b-man).