Oval Definition:oval:com.redhat.rhsa:def:20191269
Revision Date:2019-05-23Version:636
Title:RHSA-2019:1269: firefox security update (Critical)
Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.0 ESR.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

  • Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

  • Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)

  • Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

  • Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

  • Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

  • Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

  • Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

  • Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

  • mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

  • chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

  • Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

  • libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2018-18511
    CVE-2019-11691
    CVE-2019-11692
    CVE-2019-11693
    CVE-2019-11698
    CVE-2019-5798
    CVE-2019-7317
    CVE-2019-9797
    CVE-2019-9800
    CVE-2019-9816
    CVE-2019-9817
    CVE-2019-9819
    CVE-2019-9820
    RHSA-2019:1269
    Platform(s):Red Hat Enterprise Linux 8
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • firefox is earlier than 0:60.7.0-1.el8_0
  • AND firefox is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
  • BACK