Description
Security update for Mozilla Firefox
This update contains the Mozilla Firefox ESR 68.2 release.
Mozilla Firefox was updated to ESR 68.2 release:
- Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page.
- Various security fixes: MFSA 2019-33 (bsc#1154738)
- CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
- CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
- CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
- CVE-2019-11759: Stack buffer overflow in HKDF output
- CVE-2019-11760: Stack buffer overflow in WebRTC networking
- CVE-2019-11761: Unintended access to a privileged JSONView object
- CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
- CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
- CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Other Issues resolved:
- [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20
- [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in
- [bsc#1043008] Firefox hangs randomly when browsing and scrolling
- [bsc#1025108] Firefox stops loading page until mouse is moved
- [bsc#905528] Firefox malfunctions due to broken omni.ja archives
Package list
SUSE Linux Enterprise Server 11 SP4-LTSS
References
- Link for SUSE-SU-2019:14246-1
- E-Mail link for SUSE-SU-2019:14246-1
- SUSE Security Ratings
- SUSE Bug 1000036
- SUSE Bug 1001652
- SUSE Bug 1025108
- SUSE Bug 1029377
- SUSE Bug 1029902
- SUSE Bug 1040164
- SUSE Bug 104105
- SUSE Bug 1042670
- SUSE Bug 1043008
- SUSE Bug 1044946
- SUSE Bug 1047925
- SUSE Bug 1047936
- SUSE Bug 1048299
- SUSE Bug 1049186
- SUSE Bug 1050653
- SUSE Bug 1056058
- SUSE Bug 1058013
Description
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Affected products
References
- CVE-2013-2882
- SUSE Bug 833343
Description
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
Affected products
References
- CVE-2013-6639
- SUSE Bug 854473
Description
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
Affected products
References
- CVE-2013-6640
- SUSE Bug 854473
Description
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Affected products
References
- CVE-2013-6668
- SUSE Bug 866959
Description
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Affected products
References
- CVE-2014-0224
- SUSE Bug 1146657
- SUSE Bug 880891
- SUSE Bug 881743
- SUSE Bug 883126
- SUSE Bug 885777
- SUSE Bug 892403
- SUSE Bug 901237
- SUSE Bug 903703
- SUSE Bug 905018
- SUSE Bug 905106
- SUSE Bug 914447
- SUSE Bug 915913
- SUSE Bug 916239
Description
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
Affected products
References
- CVE-2015-3193
- SUSE Bug 1022086
- SUSE Bug 1066242
- SUSE Bug 1071906
- SUSE Bug 957814
- SUSE Bug 960151
- SUSE Bug 990370
Description
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Affected products
References
- CVE-2015-3194
- SUSE Bug 957812
- SUSE Bug 957815
- SUSE Bug 958768
- SUSE Bug 976341
- SUSE Bug 990370
Description
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
Affected products
References
- CVE-2015-5380
- SUSE Bug 937414
- SUSE Bug 937416
Description
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Affected products
References
- CVE-2015-7384
- SUSE Bug 948602
Description
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Affected products
References
- CVE-2016-2086
- SUSE Bug 966076
- SUSE Bug 966077
Description
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Affected products
References
- CVE-2016-2178
- SUSE Bug 1004104
- SUSE Bug 983249
- SUSE Bug 983519
- SUSE Bug 999665
Description
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Affected products
References
- CVE-2016-2183
- SUSE Bug 1001912
- SUSE Bug 1024218
- SUSE Bug 1027038
- SUSE Bug 1034689
- SUSE Bug 1056614
- SUSE Bug 1171693
- SUSE Bug 994844
- SUSE Bug 995359
Description
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
Affected products
References
- CVE-2016-2216
- SUSE Bug 966076
- SUSE Bug 966077
Description
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Affected products
References
- CVE-2016-5172
- SUSE Bug 998743
Description
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
Affected products
References
- CVE-2016-5325
- SUSE Bug 985201
- SUSE Bug 985202
Description
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Affected products
References
- CVE-2016-6304
- SUSE Bug 1001706
- SUSE Bug 1003811
- SUSE Bug 1004104
- SUSE Bug 1005579
- SUSE Bug 1021375
- SUSE Bug 999665
- SUSE Bug 999666
Description
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Affected products
References
- CVE-2016-6306
- SUSE Bug 1004104
- SUSE Bug 999665
- SUSE Bug 999668
Description
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Affected products
References
- CVE-2016-7052
- SUSE Bug 1001148
Description
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Affected products
References
- CVE-2016-7099
- SUSE Bug 1001652
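The wildcard rules that a hostname check such as tls.checkServerIdentity must enforce are easy to get subtly wrong. The block below is an added example, not Node.js's own implementation and not code from this advisory: it implements the RFC 6125 §6.4.3 matching rules (wildcard only as the entire left-most label, matching exactly one label, never for two-label patterns such as `*.com`, never for IDN A-labels) against a certificate described by the assumed fields `dnsNames` and `commonName`. Function names are the author's own.

```javascript
// Added example; not Node.js's tls.checkServerIdentity. It implements the
// wildcard rules of RFC 6125 §6.4.3 for matching a hostname against a
// certificate's dNSName / CN values, the area CVE-2016-7099 concerns.
// Function and field names (dnsNames, commonName) are the author's own.

function labelsOf(name) {
  return name.toLowerCase().replace(/\.$/, '').split('.');
}

// Match one presented identifier such as "*.example.com" against a host name.
function matchesDnsName(host, pattern) {
  const h = labelsOf(host);
  const p = labelsOf(pattern);
  if (h.includes('') || p.includes('')) return false;       // empty labels
  if (!pattern.includes('*')) return h.join('.') === p.join('.');

  // Wildcard rules:
  //  - exactly one "*", and it must be the whole left-most label
  //    ("www.*.com", "*.*.example.com", "w*.example.com" are all refused)
  //  - at least three labels in the pattern, so "*.com" never matches
  //  - "*" matches exactly one label: never zero, never "a.b"
  //  - no wildcard match for an IDN A-label (xn--...) in the host
  if (p[0] !== '*' || p.slice(1).some((l) => l.includes('*'))) return false;
  if (p.length < 3 || h.length !== p.length) return false;
  if (h[0].startsWith('xn--')) return false;
  return p.slice(1).every((l, i) => l === h[i + 1]);
}

// subjectAltName dNSName entries take precedence; the CN is consulted only
// when the certificate carries no dNSName at all.
function checkServerIdentityStrict(host, cert) {
  const names = cert.dnsNames && cert.dnsNames.length > 0
    ? cert.dnsNames
    : cert.commonName ? [cert.commonName] : [];
  return names.some((name) => matchesDnsName(host, name));
}

// Demonstration on a constructed certificate description.
const CERT = { dnsNames: ['*.example.com', 'example.com'], commonName: 'ignored.example' };
console.log(checkServerIdentityStrict('api.example.com', CERT));     // true
console.log(checkServerIdentityStrict('a.b.example.com', CERT));     // false
console.log(checkServerIdentityStrict('ignored.example', CERT));     // false
console.log(matchesDnsName('evil.com', '*.com'));                    // false
```

The stricter-than-RFC choice to refuse partial wildcards (`w*.example.com`) is deliberate: RFC 6125 only says clients SHOULD NOT match them, but no mainstream CA issues such names, so rejecting them costs nothing and removes a parsing corner.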
Description
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Affected products
References
- CVE-2017-1000381
- SUSE Bug 1044946
Description
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use-after-free vulnerabilities in the nasm tool. The affected heap block is allocated in the token() function and freed in the detoken() function (called by pp_getline()), yet is used again at several later points, which can cause various forms of corruption: a corrupted doubly-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high likelihood of leading to remote code execution.
Affected products
References
- CVE-2017-10686
- SUSE Bug 1047936
Description
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Affected products
References
- CVE-2017-11111
- SUSE Bug 1047925
- SUSE Bug 1073798
Description
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash-flooding remote DoS attacks, because the hash table seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default, which caused the initially randomized seed to be overwritten on startup.
Affected products
References
- CVE-2017-11499
- SUSE Bug 1044849
- SUSE Bug 1048299
- SUSE Bug 1051117
Description
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
Affected products
References
- CVE-2017-14228
- SUSE Bug 1058013
Description
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Affected products
References
- CVE-2017-14849
- SUSE Bug 1060820
Description
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Affected products
References
- CVE-2017-14919
- SUSE Bug 1059050
Description
Node.js was affected by the OpenSSL vulnerability CVE-2017-3737, concerning the use of SSL_read() after a TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
Affected products
References
- CVE-2017-15896
- SUSE Bug 1071905
- SUSE Bug 1072322
Description
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
Affected products
References
- CVE-2017-15897
- SUSE Bug 1072320
Description
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
Affected products
References
- CVE-2017-17810
- SUSE Bug 1073796
Description
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
Affected products
References
- CVE-2017-17811
- SUSE Bug 1073798
Description
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
Affected products
References
- CVE-2017-17812
- SUSE Bug 1073799
Description
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
Affected products
References
- CVE-2017-17813
- SUSE Bug 1073803
Description
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
Affected products
References
- CVE-2017-17814
- SUSE Bug 1073808
Description
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
Affected products
References
- CVE-2017-17815
- SUSE Bug 1073818
Description
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
Affected products
References
- CVE-2017-17816
- SUSE Bug 1073823
Description
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
Affected products
References
- CVE-2017-17817
- SUSE Bug 1073829
Description
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
Affected products
References
- CVE-2017-17818
- SUSE Bug 1073830
Description
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
Affected products
References
- CVE-2017-17819
- SUSE Bug 1073832
Description
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
Affected products
References
- CVE-2017-17820
- SUSE Bug 1073846
Description
** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."
Affected products
References
- CVE-2017-18207
- SUSE Bug 1083507
Description
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
Affected products
References
- CVE-2017-3735
- SUSE Bug 1056058
Description
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Affected products
References
- CVE-2017-3736
- SUSE Bug 1066242
- SUSE Bug 1071906
- SUSE Bug 1076369
- SUSE Bug 957814
Description
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
Affected products
References
- CVE-2017-3738
- SUSE Bug 1071906
- SUSE Bug 1097757
Description
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Affected products
References
- CVE-2018-0732
- SUSE Bug 1077628
- SUSE Bug 1097158
- SUSE Bug 1099502
- SUSE Bug 1106692
- SUSE Bug 1108542
- SUSE Bug 1110163
- SUSE Bug 1112097
- SUSE Bug 1122198
- SUSE Bug 1148697
Description
nghttp2 versions >= 1.10.0 and <= v1.31.0 contain an Improper Input Validation (CWE-20) vulnerability in ALTSVC frame handling that can result in a segmentation fault, leading to denial of service. This attack appears to be exploitable by a network client. This vulnerability appears to have been fixed in >= 1.31.1.
Affected products
References
- CVE-2018-1000168
- SUSE Bug 1088639
- SUSE Bug 1097401
Description
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
Affected products
References
- CVE-2018-12115
- SUSE Bug 1105019
Description
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.
Affected products
References
- CVE-2018-12116
- SUSE Bug 1117630
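CVE-2016-2216 (response splitting via UTF-8 characters such as `%c4%8d%c4%8a`), CVE-2016-5325 (CRLF in the writeHead reason phrase) and CVE-2018-12116 (request splitting via the `path` option) above are one bug class: a string that reaches the wire is allowed to contain, or to become after encoding, a CR or LF. The block below is an added example, not code from Node.js or from this advisory. It reproduces the latin1 truncation that turned U+010D/U+010A into CR/LF in older Node.js, and provides a check that rejects both literal control characters and any code unit above 0xFF before the string is used in a request line, status line or header. Function names are the author's own.

```javascript
// Added example, not code from Node.js or from this advisory. It shows the
// CRLF-injection class behind CVE-2016-2216 (response splitting via UTF-8
// characters such as %c4%8d%c4%8a), CVE-2016-5325 (CRLF in the writeHead
// reason phrase) and CVE-2018-12116 (request splitting via the `path`
// option), and a check that rejects all three. Function names are the
// author's own.

// Older Node.js wrote header strings to the socket as latin1: each UTF-16
// code unit was truncated to its low byte. This reproduces that behaviour
// so the hazard can be observed without a vulnerable runtime.
function latin1Truncate(str) {
  const bytes = [];
  for (let i = 0; i < str.length; i++) bytes.push(str.charCodeAt(i) & 0xff);
  return Buffer.from(bytes);
}

// The payload from the CVE-2016-2216 description, percent-decoded:
// U+010D (low byte 0x0D = CR) followed by U+010A (low byte 0x0A = LF).
const SMUGGLED = decodeURIComponent('%c4%8d%c4%8a');

// True when the latin1-truncated form of `str` contains CR or LF, i.e. when a
// filter that only rejects literal "\r" and "\n" would be bypassed.
function truncatesToCrlf(str) {
  return latin1Truncate(str).some((b) => b === 0x0d || b === 0x0a);
}

// Strict check for text destined for a request line, a status line (the
// writeHead reason phrase) or a header field. RFC 7230 permits HTAB, SP,
// VCHAR and obs-text (0x80-0xFF); every other code unit, including anything
// above 0xFF that could be truncated on the wire, is rejected.
function isSafeHttpText(str) {
  if (typeof str !== 'string') return false;
  for (let i = 0; i < str.length; i++) {
    const u = str.charCodeAt(i);
    if (u === 0x09) continue;
    if (u < 0x20 || u === 0x7f || u > 0xff) return false;
  }
  return true;
}

// A request path must additionally start with "/" and contain no whitespace,
// otherwise it could end the request line early.
function isSafeRequestPath(path) {
  return isSafeHttpText(path) && path.startsWith('/') && !/\s/.test(path);
}

// Demonstration on constructed inputs.
console.log(isSafeHttpText('OK\r\nSet-Cookie: session=attacker'));        // false
console.log(latin1Truncate(SMUGGLED).toString('latin1') === '\r\n');      // true
console.log(truncatesToCrlf(SMUGGLED));                                   // true
console.log(isSafeRequestPath('/index.html?q=1'));                        // true
console.log(isSafeRequestPath('/index.html' + SMUGGLED + 'GET /admin'));  // false
```

Rejecting everything above 0xFF, rather than only the characters whose low byte happens to be CR or LF, is the right boundary: HTTP header fields are byte strings, and a non-latin1 character either gets truncated (the vulnerable behaviour) or raises an error in a fixed runtime, so it never belongs there unencoded.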
Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
Affected products
References
- CVE-2018-12121
- SUSE Bug 1117626
- SUSE Bug 1127532
Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
Affected products
References
- CVE-2018-12122
- SUSE Bug 1117627
Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
Affected products
References
- CVE-2018-12123
- SUSE Bug 1117629
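The mixed-case `javAscript:` spoof above is a scheme-normalisation problem: a security decision is taken on a hostname before the scheme has been canonicalised. The block below is an added example, not Node.js code and not from this advisory. It contrasts a naive prefix check with a version that parses through the WHATWG `URL` class (which lower-cases the scheme, and the host for http/https) and refuses non-http(s) schemes and userinfo before comparing the hostname against an allow-list. Function names and the `trusted.example` allow-list are the author's assumptions.

```javascript
// Added example, not Node.js code. Shows the kind of check that goes wrong
// under CVE-2018-12123 when the scheme is compared case-sensitively, and a
// version built on the WHATWG URL parser, which lower-cases the scheme (and
// the host, for http/https) before any comparison. Names are the author's own.

// Anti-pattern: look for a literal lower-case "javascript:" prefix and
// otherwise trust whatever follows "//" as the hostname.
function naiveHostname(urlString) {
  if (urlString.startsWith('javascript:')) return null;         // misses "javAscript:"
  const m = /^[^:]+:\/\/([^/?#:]+)/.exec(urlString);
  return m ? m[1] : null;
}

// Robust version: parse first, normalise, then decide. Only http(s) URLs are
// ever considered, userinfo is refused (so "https://trusted@evil/" cannot be
// mistaken for "trusted"), and the allow-list is compared against the parsed,
// lower-cased hostname.
function isAllowedHttpUrl(urlString, allowedHosts) {
  let u;
  try {
    u = new URL(urlString);
  } catch (e) {
    return false;
  }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return false;
  if (u.username !== '' || u.password !== '') return false;
  return allowedHosts.includes(u.hostname.toLowerCase());
}

// Demonstration on constructed URLs.
const ALLOWED = ['trusted.example'];
console.log(naiveHostname('javAscript://trusted.example/%0aalert(1)'));         // "trusted.example" (spoofed)
console.log(new URL('javAscript://trusted.example/x').protocol);                // "javascript:"
console.log(isAllowedHttpUrl('javAscript://trusted.example/x', ALLOWED));       // false
console.log(isAllowedHttpUrl('HTTPS://Trusted.Example/x', ALLOWED));            // true
console.log(isAllowedHttpUrl('https://trusted.example@evil.example/', ALLOWED)); // false
```

The same rule applies to the legacy `url.parse()` API: never compare `protocol` or `hostname` strings from any parser without first confirming they are normalised the way the comparison assumes.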
Description
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Affected products
References
- CVE-2018-20406
- SUSE Bug 1120644
Description
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
Affected products
References
- CVE-2018-20852
- SUSE Bug 1141853
Description
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
Affected products
References
- CVE-2018-7158
- SUSE Bug 1087459
Description
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
Affected products
References
- CVE-2018-7159
- SUSE Bug 1087453
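Both CVE-2016-2086 (request smuggling via a crafted Content-Length) and CVE-2018-7159 (`Content-Length: 1 2` read as `12`) come down to lenient parsing of the one header that decides where a message ends. The block below is an added example, not the Node.js HTTP parser and not code from this advisory. It parses Content-Length strictly as `1*DIGIT` per RFC 7230 §3.3.2, refuses a message that carries both Transfer-Encoding and Content-Length, and applies the advisory's advice to re-check the declared length against the body actually received. Function names are the author's own.

```javascript
// Added example; not the Node.js HTTP parser. It implements the strict
// Content-Length handling that CVE-2018-7159 and the request-smuggling issue
// CVE-2016-2086 call for, plus the body-framing decision from RFC 7230 §3.3.3.
// Function names are the author's own.

// Content-Length = 1*DIGIT (RFC 7230 §3.3.2). A header repeated with identical
// values ("42, 42") is tolerated, as the RFC allows; "1 2", "", "+5", "0x10"
// and conflicting values are all rejected by returning null.
function parseContentLength(rawValue) {
  const values = Array.isArray(rawValue) ? rawValue : [rawValue];
  let length = null;
  for (const field of values) {
    for (const part of String(field).split(',')) {
      const v = part.trim();                 // only OWS around the value is allowed
      if (!/^\d+$/.test(v)) return null;     // rejects inner spaces such as "1 2"
      const n = Number(v);
      if (!Number.isSafeInteger(n)) return null;
      if (length !== null && length !== n) return null;
      length = n;
    }
  }
  return length;
}

// Decide how the message body is delimited. Messages carrying both
// Transfer-Encoding and Content-Length are the classic smuggling vector and
// are refused outright rather than letting one header silently win.
function bodyFraming(headers) {
  const te = headers['transfer-encoding'];
  const cl = headers['content-length'];
  if (te !== undefined && cl !== undefined) {
    return { error: 'both Transfer-Encoding and Content-Length present' };
  }
  if (te !== undefined) {
    const codings = String(te).split(',').map((c) => c.trim().toLowerCase());
    if (codings[codings.length - 1] !== 'chunked') {
      return { error: 'final transfer coding is not chunked' };
    }
    return { mode: 'chunked' };
  }
  if (cl !== undefined) {
    const n = parseContentLength(cl);
    if (n === null) return { error: 'invalid Content-Length' };
    return { mode: 'length', length: n };
  }
  return { mode: 'length', length: 0 };   // no body
}

// After the body has been read: re-check the declared length against what
// actually arrived, as the advisory recommends for lower-level HTTP code.
function bodyLengthMatches(framing, body) {
  return framing.mode === 'length' && body.length === framing.length;
}

// Demonstration on constructed headers (Node.js lower-cases header names).
console.log(parseContentLength('1 2'));                                               // null
console.log(parseContentLength('12'));                                                // 12
console.log(bodyFraming({ 'content-length': '5', 'transfer-encoding': 'chunked' }));  // { error: ... }
console.log(bodyLengthMatches(bodyFraming({ 'content-length': '5' }), Buffer.from('hello'))); // true
```

Returning an error object rather than guessing is the point: a front-end proxy and a back-end server that resolve the same ambiguous header differently is exactly the condition request smuggling needs.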
Description
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
Affected products
References
- CVE-2018-7160
- SUSE Bug 1087463
- SUSE Bug 1182620
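The defining feature of a DNS-rebinding request is that the browser reaches 127.0.0.1 while the request still carries the attacker's domain in its Host header, and, for a WebSocket upgrade started from a page, an Origin header naming the attacker's site. Validating those two headers is the standard mitigation for any local debug or admin HTTP endpoint. The block below is an added example, not the Node.js inspector's own code and not from this advisory; the allowed host names and the `requestAllowed` gate are the author's assumptions.

```javascript
// Added example; not the Node.js inspector's own code. Under a DNS-rebinding
// attack the browser connects to 127.0.0.1 but the request still carries the
// attacker's domain in the Host header (and, for a WebSocket upgrade from a
// page, an Origin header). A local debug or admin server can refuse such
// requests by checking both headers. Names and the allow-lists are the
// author's own assumptions.

const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Accept only "host" or "host:port" where host is a name this server
// legitimately answers to. Anything else is treated as rebinding.
function hostHeaderAllowed(hostHeader, allowed = LOCAL_HOSTS) {
  if (typeof hostHeader !== 'string') return false;
  const m = /^(\[[0-9a-f:.]+\]|[^:\s\[\]]+)(?::(\d{1,5}))?$/i.exec(hostHeader.trim());
  if (m === null) return false;
  return allowed.has(m[1].toLowerCase());
}

// Browsers always send Origin on WebSocket upgrades. A debugger endpoint
// should only accept browser connections from pages it trusts; non-browser
// tools that send no Origin header at all are let through.
function originAllowed(originHeader, allowedOrigins) {
  if (originHeader === undefined) return true;
  try {
    return allowedOrigins.includes(new URL(originHeader).origin);
  } catch (e) {
    return false;                      // "null" or a malformed Origin
  }
}

// Combined gate for an incoming request (Node.js lower-cases header names).
function requestAllowed(headers, allowedOrigins = []) {
  return hostHeaderAllowed(headers.host) && originAllowed(headers.origin, allowedOrigins);
}

// Demonstration on constructed requests.
console.log(requestAllowed({ host: 'localhost:9229' }));                                     // true
console.log(requestAllowed({ host: 'rebind.attacker.example:9229' }));                       // false
console.log(requestAllowed({ host: '127.0.0.1:9229', origin: 'https://attacker.example' })); // false
console.log(requestAllowed({ host: '[::1]:9229', origin: 'https://devtools.example' },
                           ['https://devtools.example']));                                   // true
```

Binding the debug port to a loopback address is necessary but not sufficient, since rebinding works precisely against loopback-only listeners; the Host and Origin checks are what distinguish a local tool from a browser that was tricked into reaching loopback.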
Description
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by crashing a Node.js server that provides an http2 server. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.
Affected products
References
- CVE-2018-7161
- SUSE Bug 1097404
Description
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.
Affected products
References
- CVE-2018-7167
- SUSE Bug 1097375
Description
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Affected products
References
- CVE-2019-10160
- SUSE Bug 1138459
Description
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11709
- SUSE Bug 1140868
Description
Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11710
- SUSE Bug 1140868
Description
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11711
- SUSE Bug 1140868
Description
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11712
- SUSE Bug 1140868
Description
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11713
- SUSE Bug 1140868
Description
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11714
- SUSE Bug 1140868
Description
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11715
- SUSE Bug 1140868
Description
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11716
- SUSE Bug 1140868
Description
A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs, because it is used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11717
- SUSE Bug 1140868
Description
Activity Stream can display content sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing potential access to other information available to the Activity Stream, such as browsing history, if the Snippet Service were compromised. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11718
- SUSE Bug 1140868
Description
When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11719
- SUSE Bug 1140868
Описание
Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11720
- SUSE Bug 1140868
Description
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks, as such names do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11721
- SUSE Bug 1140868
Description
A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11723
- SUSE Bug 1140868
Description
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11724
- SUSE Bug 1140868
Description
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted, but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11725
- SUSE Bug 1140868
Description
A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11727
- SUSE Bug 1140868
- SUSE Bug 1141322
Description
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
Affected products
References
- CVE-2019-11728
- SUSE Bug 1140868
Description
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11729
- SUSE Bug 1140868
Description
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories, and they may be uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-11730
- SUSE Bug 1140868
Description
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
Affected products
References
- CVE-2019-11733
- SUSE Bug 1145665
Description
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11735
- SUSE Bug 1149293
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. *Note: These attacks require local system access and only affect Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11736
- SUSE Bug 1149292
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11738
- SUSE Bug 1149302
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11740
- SUSE Bug 1149299
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11742
- SUSE Bug 1149303
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11743
- SUSE Bug 1149298
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11744
- SUSE Bug 1149304
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11746
- SUSE Bug 1149297
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site, if the user specifies an http: URL rather than a secure https: one, they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11747
- SUSE Bug 1149301
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11748
- SUSE Bug 1149291
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11749
- SUSE Bug 1149290
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11750
- SUSE Bug 1149289
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11751
- SUSE Bug 1149286
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11752
- SUSE Bug 1149296
- SUSE Bug 1149323
- SUSE Bug 1149324
- SUSE Bug 1150940
Description
The Firefox installer allows Firefox to be installed to a custom user-writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Affected products
References
- CVE-2019-11753
- SUSE Bug 1149295
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11757
- SUSE Bug 1154738
Description
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11758
- SUSE Bug 1154738
Description
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11759
- SUSE Bug 1154738
Description
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11760
- SUSE Bug 1154738
Description
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11761
- SUSE Bug 1154738
Description
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11762
- SUSE Bug 1154738
Description
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML, which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters, enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11763
- SUSE Bug 1154738
Description
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Affected products
References
- CVE-2019-11764
- SUSE Bug 1154738
Description
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Affected products
References
- CVE-2019-13173
- SUSE Bug 1140290
Description
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Affected products
References
- CVE-2019-15903
- SUSE Bug 1149429
- SUSE Bug 1154738
- SUSE Bug 1154806
Description
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
Affected products
References
- CVE-2019-5010
- SUSE Bug 1122191
- SUSE Bug 1126909
Description
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.
Affected products
References
- CVE-2019-5737
- SUSE Bug 1127532
Description
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Affected products
References
- CVE-2019-9511
- SUSE Bug 1145579
- SUSE Bug 1146091
- SUSE Bug 1146182
- SUSE Bug 1193427
- SUSE Bug 1202787
Description
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Affected products
References
- CVE-2019-9512
- SUSE Bug 1145663
- SUSE Bug 1146099
- SUSE Bug 1146111
- SUSE Bug 1147142
Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Affected products
References
- CVE-2019-9513
- SUSE Bug 1145580
- SUSE Bug 1146094
- SUSE Bug 1146184
- SUSE Bug 1193427
- SUSE Bug 1202787
Description
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
Affected products
References
- CVE-2019-9514
- SUSE Bug 1145662
- SUSE Bug 1145663
- SUSE Bug 1146095
- SUSE Bug 1146115
- SUSE Bug 1147142
Description
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Affected products
References
- CVE-2019-9515
- SUSE Bug 1145663
- SUSE Bug 1146100
Description
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Affected products
References
- CVE-2019-9516
- SUSE Bug 1145582
- SUSE Bug 1146090
- SUSE Bug 1193427
Description
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Affected products
References
- CVE-2019-9517
- SUSE Bug 1145575
- SUSE Bug 1146097
Description
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Affected products
References
- CVE-2019-9518
- SUSE Bug 1145662
- SUSE Bug 1145663
- SUSE Bug 1146093
Description
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Affected products
References
- CVE-2019-9636
- SUSE Bug 1129346
- SUSE Bug 1135433
- SUSE Bug 1138459
- SUSE Bug 1145004
Description
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Affected products
References
- CVE-2019-9811
- SUSE Bug 1140868
Description
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
Affected products
References
- CVE-2019-9812
- SUSE Bug 1149294
- SUSE Bug 1149323
- SUSE Bug 1149324
Description
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Affected products
References
- CVE-2019-9947
- SUSE Bug 1130840
- SUSE Bug 1136184
- SUSE Bug 1155094
- SUSE Bug 1201559