Bug 1149295 (CVE-2019-11753)

Summary: VUL-0: CVE-2019-11753: MozillaFirefox: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Charles Robertson <cgrobertson>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: Andreas.Stieger, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/241685/
Whiteboard: CVSSv2:NVD:CVE-2019-11753:4.6:(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1149323, 1149324    
Bug Blocks:    

Description Alexander Bergmann 2019-09-04 06:48:47 UTC
CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location

Reporter   Holger Fuhrmannek
Impact     high

Description
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally.

Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.


References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
https://bugzilla.mozilla.org/show_bug.cgi?id=1574980
https://bugzilla.redhat.com/show_bug.cgi?id=1748659
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11753
Comment 1 Andreas Stieger 2019-09-04 08:49:23 UTC
Not affected.
Comment 4 Swamp Workflow Management 2019-09-17 19:18:58 UTC
SUSE-SU-2019:14173-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1145550,1149294,1149295,1149296,1149297,1149298,1149299,1149303
CVE References: CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11753,CVE-2019-9812
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-60.9.0esr-78.46.2, firefox-glib2-2.54.3-2.11.1, firefox-gtk3-3.10.9-2.12.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-09-23 16:11:15 UTC
SUSE-SU-2019:2436-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1149294,1149295,1149296,1149297,1149298,1149299,1149303,1149304,1149324
CVE References: CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11753,CVE-2019-9812
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE OpenStack Cloud 7 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP4 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Desktop 12-SP5 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Enterprise Storage 5 (src):    MozillaFirefox-60.9.0-109.86.1
SUSE Enterprise Storage 4 (src):    MozillaFirefox-60.9.0-109.86.1
HPE Helion Openstack 8 (src):    MozillaFirefox-60.9.0-109.86.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-10-03 19:12:43 UTC
SUSE-SU-2019:2545-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    MozillaFirefox-68.1.0-3.54.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    MozillaFirefox-68.1.0-3.54.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    MozillaFirefox-68.1.0-3.54.2, MozillaFirefox-branding-SLE-68-4.8.5
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    MozillaFirefox-68.1.0-3.54.2, MozillaFirefox-branding-SLE-68-4.8.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-10-05 04:12:47 UTC
openSUSE-SU-2019:2251-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
openSUSE Leap 15.1 (src):    MozillaFirefox-68.1.0-lp151.2.14.1
Comment 10 Swamp Workflow Management 2019-10-06 13:20:37 UTC
openSUSE-SU-2019:2260-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
openSUSE Leap 15.0 (src):    MozillaFirefox-68.1.0-lp150.3.66.1