{"id":1444,"date":"2019-07-11T09:11:41","date_gmt":"2019-07-11T14:11:41","guid":{"rendered":"https:\/\/cert.pa\/?p=1444"},"modified":"2019-07-12T13:54:01","modified_gmt":"2019-07-12T18:54:01","slug":"csirt-panama-aviso-2019-07-10-aviso-de-seguridad-mozilla","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1444","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2019-07-10 Aviso de seguridad Mozilla"},"content":{"rendered":"\n<p>Gravedad: Cr\u00edtica<br>\nFecha de publicaci\u00f3n: 10 julio 2019<br>\nFecha de modificaci\u00f3n: 10 julio 2019<br>\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.<br>\nFuente: Mozilla Foundation Security Advisories<\/p>\n\n\n\n<p><strong>Sistemas Afectados<\/strong><br> Mozilla Firefox, versiones anteriores a 68.<br> Mozilla Firefox ESR, versiones anteriores a 60.8.<\/p>\n\n\n\n<p><strong>I. Descripci\u00f3n<\/strong><\/p>\n\n\n\n<p>La Fundaci\u00f3n Mozilla ha publicado recientemente unos avisos de seguridad que afectan a los productos Firefox y Firefox ESR. Las vulnerabilidades son:<\/p>\n\n\n\n<p>Impacto cr\u00edtico.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>CVE-2019-11710 y CVE-2019-11709. Errores de seguridad de memoria (Memory safety bugs). Estas vulnerabilidades podr\u00edan ser explotadas permitiendo a un atacante remoto ejecutar c\u00f3digo arbitrario.<\/li><\/ul>\n\n\n\n<p>Impacto alto.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>CVE-2019-9811. Escape del entorno virtualizado sandbox mediante la instalaci\u00f3n de un paquete de lenguaje.<\/li><li>CVE-2019-11711. Inyecci\u00f3n de script dentro un dominio a trav\u00e9s de reutilizaci\u00f3n de ventana.<\/li><li>CVE-2019-11712. Referencia de origen cruzado de peticiones POST mediante plugins NPAPI.<\/li><li>CVE-2019-11713. Error de corrupci\u00f3n de memoria (use-after-free) con tr\u00e1fico almacenado HTTP\/2.<\/li><\/ul>\n\n\n\n<p>Para mayor informaci\u00f3n, referirse a la &#8220;secci\u00f3n III. Referencia a soluciones, herramientas e informaci\u00f3n&#8221;.<\/p>\n\n\n\n<p><strong>II. Impacto<\/strong><\/p>\n\n\n\n<p>Complejidad de Acceso: Alta.<br>\nAutenticaci\u00f3n: No requerida para explotarla.<br>\nTipo de impacto: Compromiso parcial o total del sistema.<\/p>\n\n\n\n<p><strong>III. Referencia a soluciones, herramientas e informaci\u00f3n<\/strong><\/p>\n\n\n\n<p>a. https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-21\/  <br>\nb. https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-22\/  <\/p>\n\n\n\n<p><strong>IV. Informaci\u00f3n de contacto<\/strong><\/p>\n\n\n\n<p>CSIRT PANAMA<br>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamenta<br>\nlE-mail: info@cert.pa<br>\nWeb:http:\/\/cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gravedad: Cr\u00edtica Fecha de publicaci\u00f3n: 10 julio 2019 Fecha de modificaci\u00f3n: 10 julio 2019 \u00daltima revisi\u00f3n: Revisi\u00f3n A. Fuente: Mozilla Foundation Security Advisories Sistemas Afectados Mozilla Firefox, versiones anteriores a 68. Mozilla Firefox ESR, versiones&#8230;<\/p>\n","protected":false},"author":4,"featured_media":1450,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1444"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1444\/revisions"}],"predecessor-version":[{"id":1445,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1444\/revisions\/1445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1450"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}