Oval Definition: oval:com.redhat.rhsa:def:20193196
Revision Date: 2019-10-24
Version: 636
Title: RHSA-2019:3196: firefox security update (Critical)
Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.2.0 ESR.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

  • Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

  • Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

  • Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

  • Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

  • Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

  • Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

  • Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Family: unix
Class: patch
Status:
Reference(s):
  • CVE-2019-11757
  • CVE-2019-11758
  • CVE-2019-11759
  • CVE-2019-11760
  • CVE-2019-11761
  • CVE-2019-11762
  • CVE-2019-11763
  • CVE-2019-11764
  • CVE-2019-15903
  • RHSA-2019:3196
Platform(s): Red Hat Enterprise Linux 8
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • firefox is earlier than 0:68.2.0-2.el8_0
  • AND firefox is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed