Oval Definition:oval:com.redhat.rhsa:def:20191763
Revision Date:2019-07-11Version:636
Title:RHSA-2019:1763: firefox security update (Critical)
Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.8.0 ESR.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

  • Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

  • Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

  • Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

  • Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

  • Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

  • Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

  • Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2019-11709
    CVE-2019-11711
    CVE-2019-11712
    CVE-2019-11713
    CVE-2019-11715
    CVE-2019-11717
    CVE-2019-11730
    CVE-2019-9811
    RHSA-2019:1763
    RHSA-2019:1763-01
    Platform(s):Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND firefox is earlier than 0:60.8.0-1.el7_6
  • AND firefox is signed with Red Hat redhatrelease2 key
  • BACK