| Revision Date: | 2019-09-23 | Version: | 1 |
| Title: | Security update for MozillaFirefox (Important) |
| Description: |
This update for MozillaFirefox to ESR 60.9 fixes the following issues:
Security issues fixed:
- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1149294
1149295
1149296
1149297
1149298
1149299
1149303
1149304
1149324
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11752
CVE-2019-11753
CVE-2019-9812
SUSE-SU-2019:2436-1
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2-BCL
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information
MozillaFirefox-60.9.0-109.86.1 is installed
OR MozillaFirefox-devel-60.9.0-109.86.1 is installed
OR MozillaFirefox-translations-common-60.9.0-109.86.1 is installed
|