Oval Definition:oval:org.opensuse.security:def:65184
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)
Description:

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:

Changes in MozillaFirefox:

Security issues fixed:

- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).

Non-security issues fixed:

- Added Provides-line for translations-common (bsc#1153423) . - Moved some settings from branding-package here (bsc#1153869). - Disabled DoH by default.

Changes in MozillaFirefox-branding-SLE:

- Moved extensions preferences to core package (bsc#1153869).

Family:unixClass:patch
Status:Reference(s):1051510
1054914
1055117
1061840
1065600
1065729
1071995
1082555
1104841
1104967
1109158
1111666
1113722
1114279
1119086
1123034
1127988
1129528
1131304
1137069
1137865
1137959
1137982
1137990
1140155
1141013
1142076
1142635
1146042
1146519
1146540
1146664
1148133
1148712
1148868
1149313
1149429
1149446
1149555
1149651
1150305
1150381
1150423
1150846
1151067
1151186
1151192
1151350
1151610
1151661
1151662
1151667
1151680
1151891
1151955
1152024
1152025
1152026
1152161
1152187
1152243
1152325
1152457
1152460
1152466
1152525
1152972
1152974
1152975
1153423
1153869
1154738
CVE-2017-18595
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764
CVE-2019-14821
CVE-2019-15291
CVE-2019-15903
CVE-2019-9506
SUSE-SU-2019:2710-1
SUSE-SU-2019:2871-1
Platform(s):SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Development Tools 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox-68.2.0-3.59 is installed
  • OR MozillaFirefox-branding-SLE-68-4.11 is installed
  • OR MozillaFirefox-devel-68.2.0-3.59 is installed
  • OR MozillaFirefox-translations-common-68.2.0-3.59 is installed
  • OR MozillaFirefox-translations-other-68.2.0-3.59 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
  • AND Package Information
  • kernel-docs-4.12.14-197.21 is installed
  • OR kernel-obs-build-4.12.14-197.21 is installed
  • OR kernel-source-4.12.14-197.21 is installed
  • OR kernel-syms-4.12.14-197.21 is installed
    • BACK