Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for MozillaFirefox (Important) |
Description: |
This update for MozillaFirefox fixes the following issues:
Security issues addressed:
- Update to Firefox ESR 60.6.1 (bsc#1130262):
  - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations
  - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information
- Update to Firefox ESR 60.6 (bsc#1129821):
  - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
  - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content
  - CVE-2019-9788: Fixed multiple memory safety bugs
  - CVE-2019-9790: Fixed a use-after-free vulnerability when removing in-use DOM elements
  - CVE-2019-9791: Fixed an incorrect type inference for constructors entered through on-stack replacement with IonMonkey
  - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
  - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled
  - CVE-2019-9794: Fixed an issue where command line arguments were not discarded during execution
  - CVE-2019-9795: Fixed a type-confusion vulnerability in IonMonkey JIT compiler
  - CVE-2019-9796: Fixed a use-after-free vulnerability in SMIL animation controller
- Update to Firefox ESR 60.5.1 (bsc#1125330):
  - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash.
  - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash.
  - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default.
Other issue addressed:
- Fixed an issue with MozillaFirefox-translations-common which was causing an error on update (bsc#1127987).
Release notes:
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1088004 1088009 1106843 1113719 1125330 1127987 1129821 1130262 1130840 1133719 1137137 1138734 1141853 1142721 1142743 1145586 1146065 1146068 1146211 1146212 1146213 1149100 1149955 1151781 1151782 1151783 1151784 1151785 1151786 1153238 1154093 1160888 1162423 1166484 1167465 1168421 1168683 1168911 1173274 1174091 1174701 1178593 941629 CVE-2017-18926 CVE-2018-11782 CVE-2018-14647 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-18751 CVE-2018-20852 CVE-2019-0203 CVE-2019-14907 CVE-2019-14980 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16056 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 CVE-2019-16935 CVE-2019-20907 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 CVE-2019-9947 CVE-2020-10703 CVE-2020-14422 CVE-2020-1760 CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 openSUSE-SU-2019:1910-1 openSUSE-SU-2019:2515-1 openSUSE-SU-2020:0519-1 openSUSE-SU-2020:1278-1 SUSE-SU-2019:0852-1 SUSE-SU-2020:0233-1 SUSE-SU-2020:0962-1 SUSE-SU-2020:1289-1 SUSE-SU-2020:3351-1
|
Platform(s): | openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3 is installed
OR libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3 is installed
OR subversion-1.10.6-lp151.4.3 is installed
OR subversion-bash-completion-1.10.6-lp151.4.3 is installed
OR subversion-devel-1.10.6-lp151.4.3 is installed
OR subversion-perl-1.10.6-lp151.4.3 is installed
OR subversion-python-1.10.6-lp151.4.3 is installed
OR subversion-python-ctypes-1.10.6-lp151.4.3 is installed
OR subversion-ruby-1.10.6-lp151.4.3 is installed
OR subversion-server-1.10.6-lp151.4.3 is installed
OR subversion-tools-1.10.6-lp151.4.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.2 is installed
AND Package Information
gettext-csharp-0.19.8.1-lp152.6.3 is installed
OR gettext-java-0.19.8.1-lp152.6.3 is installed
OR gettext-runtime-0.19.8.1-lp152.6.3 is installed
OR gettext-runtime-32bit-0.19.8.1-lp152.6.3 is installed
OR gettext-runtime-mini-0.19.8.1-lp152.6.3 is installed
OR gettext-runtime-mini-tools-doc-0.19.8.1-lp152.6.3 is installed
OR gettext-runtime-tools-doc-0.19.8.1-lp152.6.3 is installed
OR gettext-tools-0.19.8.1-lp152.6.3 is installed
OR gettext-tools-mini-0.19.8.1-lp152.6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
MozillaFirefox-60.6.1esr-109.63 is installed
OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
AND Package Information
libpython3_4m1_0-3.4.10-25.52 is installed
OR python3-3.4.10-25.52 is installed
OR python3-base-3.4.10-25.52 is installed
OR python3-curses-3.4.10-25.52 is installed
OR python3-devel-3.4.10-25.52 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4-LTSS is installed
AND Package Information
libraptor2-0-2.0.15-5.3 is installed
OR raptor-2.0.15-5.3 is installed
|