Oval Definition: oval:org.opensuse.security:def:74405
Revision Date: 2020-12-01
Version: 1
Title: Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox to 68.1 fixes the following issues:

Security issues fixed:

- CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868)
- CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294)
- CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868)
- CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868)
- CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868)
- CVE-2019-11718: Fixed inadequate sanitization in the Activity Stream component. (bsc#1140868)
- CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868)
- CVE-2019-11721: Fixed a homograph domain spoofing issue through Unicode Latin 'kra' character. (bsc#1140868)
- CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868)
- CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868)
- CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868)
- CVE-2019-11727: Fixed a vulnerability where it was possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. (bsc#1141322)
- CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868)
- CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665)
- CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293)
- CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292)
- CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302)
- CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303)
- CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298)
- CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304)
- CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297)
- CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296)
- CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)

Non-security issues fixed:

- Latest update now also released for s390x. (bsc#1109465)
- Fixed a segmentation fault on s390vsl082. (bsc#1117473)
- Fixed a crash on SLES15 s390x. (bsc#1124525)
- Fixed a segmentation fault. (bsc#1133810)

This update was imported from the SUSE:SLE-15:Update update project.
Family: unix
Class: patch
Status:
Reference(s):
1051510
1065729
1071995
1085030
1109465
1111666
1112178
1113956
1114279
1117473
1120163
1123482
1124525
1133810
1138688
1140868
1141322
1144333
1145665
1148868
1149292
1149293
1149294
1149295
1149296
1149297
1149298
1149299
1149302
1149303
1149304
1149323
1150660
1151927
1152107
1152624
1158983
1159058
1161016
1162002
1162063
1163309
1166985
1167104
1168081
1168959
1169194
1169514
1169771
1169795
1170011
1170442
1170592
1170617
1170618
1171124
1171424
1171529
1171530
1171558
1171732
1171739
1171743
1171753
1171759
1171835
1171841
1171868
1171904
1171988
1172247
1172257
1172344
1172458
1172484
1172537
1172538
1172687
1172719
1172759
1172775
1172781
1172782
1172783
1172871
1172872
1172963
1172999
1173060
1173074
1173146
1173265
1173280
1173284
1173428
1173514
1173567
1173573
1173659
1173746
1173818
1173820
1173825
1173826
1173833
1173838
1173839
1173845
1173857
1174070
1174113
1174115
1174122
1174123
1174205
1174296
1174343
1174356
1174409
1174438
1174462
1174543
1174549
1174658
1174685
1174757
1174840
1174841
1174843
1174844
1174845
1174887
CVE-2019-11710
CVE-2019-11714
CVE-2019-11716
CVE-2019-11718
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11733
CVE-2019-11735
CVE-2019-11736
CVE-2019-11738
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-16746
CVE-2019-20810
CVE-2019-20908
CVE-2019-9811
CVE-2019-9812
CVE-2020-0305
CVE-2020-10135
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10769
CVE-2020-10773
CVE-2020-10781
CVE-2020-12771
CVE-2020-12888
CVE-2020-13974
CVE-2020-14331
CVE-2020-14416
CVE-2020-15393
CVE-2020-15780
CVE-2020-16166
openSUSE-SU-2019:2251-1
openSUSE-SU-2020:1153-1
Platform(s): openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-branding-upstream-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-buildsymbols-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-devel-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-translations-common-68.1.0-lp151.2.14 is installed
  • OR MozillaFirefox-translations-other-68.1.0-lp151.2.14 is installed