Oval Definition:oval:org.opensuse.security:def:125974
Revision Date:2019-09-23Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox to ESR 60.9 fixes the following issues:

Security issues fixed:

- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
Family:unixClass:patch
Status:Reference(s):1149294
1149295
1149296
1149297
1149298
1149299
1149303
1149304
1149324
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11752
CVE-2019-11753
CVE-2019-9812
SUSE-SU-2019:2436-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND MozillaFirefox-devel-60.9.0-109.86.1 is installed
    • BACK