Several High Severity Bugs Fixed in Firefox and Chrome




Several critical security vulnerabilities affect the Mozilla Firefox browser. Another high-severity flaw was also discovered in Google Chrome. It appears that all of the bugs could lead to arbitrary code execution.

According to an advisory by MS-ISAC (Multi-State Information Sharing and Analysis Center), depending on the privileges associated with the user, an attacker could install programs, as well as view, change or delete data. An attacker could also create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights, the advisory said.

Mozilla Firefox’s Bugs

According to Mozilla’s advisory, 9 security issues were fixed in Firefox ESR. CVE-2019-11764, in particular, is described as a memory safety issue and covers several bugs in Firefox 69 and Firefox ESR 68.1. The impact of the vulnerability is rated as critical.

The Mozilla Foundation says that some of the vulnerabilities displayed “evidence of memory corruption”, meaning that they could be exploited by determined attackers to run arbitrary code. It appears that large and medium government and business organizations are mostly at risk.


Other high-severity bugs addressed in the latest patch of Firefox ESR include the following:
CVE-2019-15903 – a heap overflow in the expat library in XML_GetCurrentLineNumber;
CVE-2019-11758 – a potentially exploitable crash due to 360 Total Security;
CVE-2019-11757 – a use-after-free bug that occurs when creating index updates in IndexedDB.

Several high-severity vulnerabilities were also fixed in Mozilla Firefox: CVE-2019-15903 and CVE-2019-11757, which also affect Firefox ESR, and a heap buffer overflow in FEC processing in WebRTC known under the CVE-2018-6156 identifier.
MS-ISAC recommends patching immediately, but only after appropriate testing is done.

Google Chrome’s Issues

The Google Chrome update has fixed a total of 37 security issues. One of the vulnerabilities was reported by security researcher Man Yue of Semmle Security Research Team, who was paid a bounty of $20,000. The vulnerability in question is CVE-2019-13699 – a high-severity use-after-free issue in media. There are two other severe bugs fixed in the browser – CVE-2019-13700 (a buffer overrun in Blink) and CVE-2019-13701 (URL spoof in navigation).

More information about Chrome’s issues is available in Google’s advisory.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
