The only critical-severity bug is CVE-2019-11751, a malicious code execution flaw caused by improper sanitization of logging-related command line parameters. According to Mozilla’s Firefox security advisory, the issue surfaces on Windows-based machines “when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application.” Mozilla warns that the issue could be exploited “to write a log file to an arbitrary location such as the Windows ‘Startup’ folder.”
All 20 of the bugs were found in Firefox 69. In addition to the one critical issue, there were 11 high-severity vulnerabilities, five medium-level ones and three low-severity ones. ESR 68.1 was found to contain 16 of the 20 bugs, and version 60.9 was discovered to have eight of the 20.
Meanwhile, Cisco yesterday issued advisories for vulnerabilities in seven of its products. The flaws were all assessed to have either a high- or medium-level impact, but the two most serious were an arbitrary command execution vulnerability in the Webex Teams client for Windows (CVE-2019-1939) and a configuration data information disclosure vulnerability in Cisco’s Industrial Network Director (CVE-2019-1976).
Other affected products include Unified Contact Center Express, Content Security Management Appliance, Jabber Client Framework for Mac, Identity Services Engine and Finesse. All but one of Cisco’s advisories – the one for the JCF – specifically allude to software updates that can currently be downloaded to patch the issue.
Cisco also issued an additional “informational” security advisory detailing multiple issues discovered by the consulting firm SEC Consult in its firmware images for Cisco RV240 Dual WAN Gigabit VPN routers. These issues include undocumented user accounts, hard-coded password hashes, unnecessary software pages and vulnerabilities in third-party software components. Cisco says it responded to SEC Consult’s disclosures by removing certain user accounts and and software packages.
Finally, Samba developers yesterday issued an update to address CVE-2019-10197, a vulnerability that allows clients to escape the share root directory. The vulnerability is found in all versions of the SMB SMB networking protocol implementation, from 4.9.0 on.
“Under certain parameter configurations, when an SMB client accesses a network share and the user does not have permission to access the share root directory, it is possible for the user to escape from the share to see the complete ‘/’ filesystem.” Samba explains in a security advisory. “Unix permission checks in the kernel are still enforced.”
Samba further details the specific configurations that cause the problem in its advisory. The vulnerability can be patched by downloading Samva 4.9.13, 4.10.8 or 4.11.0rc3.