Firefox 69 wasn't a flashy launch, but it fixed 17 security flaws

Firefox Repaired

On Tuesday, Mozilla launched a new version of its browser. We knew that the new release of Firefox arrived with improved security, since ETP (Enhanced Tracking Protection) gained new functions that are enabled by default, but we did not look at the section on security fixes, partly because most of the time it covers minor bugs. We looked this time because Canonical published its own report listing several CVE vulnerabilities that Mozilla has fixed in Firefox 69.

To be more specific, Firefox 69 fixed 17 CVE vulnerabilities, all of them of medium priority according to Canonical, some of high priority according to Mozilla, such as CVE-2019-11741 or CVE-2019-9812. Canonical says that Ubuntu versions 19.04, 18.04 LTS and 16.04 LTS are affected, but the security flaws also appear on Mozilla's security web page, so I think I am not wrong in saying that all versions on all operating systems are affected, Linux or not.

17 vulnerabilities of medium urgency are discovered in Firefox

  • Security flaws CVE-2019-5849, CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750 and CVE-2019-11752 can be used if we are tricked into opening a specially crafted website. An attacker could then obtain sensitive information, bypass CSP protections, bypass same-origin restrictions, perform XSS attacks, cause a denial of service (DoS), or execute arbitrary code. The complete package, in short.
  • The CVE-2019-9812 bug can be used by an attacker in combination with another vulnerability to disable the sandbox.
  • The CVE-2019-11741 vulnerability would allow an attacker, in combination with another vulnerability, to launch XSS attacks to modify browser settings.
  • And the CVE-2019-11747 bug would allow an attacker to bypass the protections offered by HSTS.

To correct all these bugs, the solution is simple: open the software center or the Software Update application of your Ubuntu-based distribution and apply the updates. The package we are interested in is "firefox - 69.0+build2-0ubuntu0." followed by the version of the operating system. Do it now, just in case.
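To confirm from a terminal that the update was applied, the following added example (not part of the original article) compares the installed firefox package version with the fixed build named above. The function names and the two sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether the apt-installed Firefox is at or past the
# fixed build named in the article (69.0+build2).
FIXED="69.0+build2"

# Print the installed firefox .deb version, or nothing if it is not installed.
installed_firefox_version() {
    dpkg-query -W -f='${Version}' firefox 2>/dev/null || true
}

# Return 0 if the version string in $1 is >= $FIXED.
firefox_is_patched() {
    if command -v dpkg >/dev/null 2>&1; then
        # Exact Debian version ordering.
        dpkg --compare-versions "$1" ge "$FIXED"
    else
        # Fallback (approximation): GNU version sort; patched if FIXED sorts first.
        [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n1)" = "$FIXED" ]
    fi
}

# Print a one-line verdict for the version string in $1.
report() {
    if [ -z "$1" ]; then
        echo "firefox: not installed as a .deb package"
    elif firefox_is_patched "$1"; then
        echo "firefox $1: patched (>= $FIXED)"
    else
        echo "firefox $1: NOT patched, run: sudo apt update && sudo apt install --only-upgrade firefox"
    fi
}

# Version actually installed on this machine.
report "$(installed_firefox_version)"

# Constructed sample versions (assumptions, not taken from the article).
report "68.0.2+build1-0ubuntu0.18.04.1"
report "69.0+build2-0ubuntu0.18.04.1"
```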

