Oval Definition:oval:org.opensuse.security:def:90529
Revision Date:2019-10-03Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox to 68.1 fixes the following issues:

Security issues fixed:

- CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868) - CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294) - CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868) - CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868) - CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868) - CVE-2019-11718: Fixed inadequate sanitation in the Activity Stream component. (bsc#1140868) - CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868) - CVE-2019-11721: Fixed a homograph domain spoofing issue through unicode latin 'kra' character. (bsc#1140868) - CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868) - CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868) - CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868) - CVE-2019-11727: Fixed a vulnerability where it possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. (bsc#1141322) - CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868) - CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665) - CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293) - CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292) - CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)

Non-security issues fixed: - Latest update now also released for s390x. (bsc#1109465) - Fixed a segmentation fault on s390vsl082. (bsc#1117473) - Fixed a crash on SLES15 s390x. (bsc#1124525) - Fixed a segmentation fault. (bsc#1133810)
Family:unixClass:patch
Status:Reference(s):1109465
1117473
1123482
1124525
1133810
1138688
1140868
1141322
1145665
1149292
1149293
1149294
1149295
1149296
1149297
1149298
1149299
1149302
1149303
1149304
1149323
CVE-2019-11710
CVE-2019-11714
CVE-2019-11716
CVE-2019-11718
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11733
CVE-2019-11735
CVE-2019-11736
CVE-2019-11738
CVE-2019-11740
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-9811
CVE-2019-9812
SUSE-SU-2019:2545-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox-68.1.0-3.54.2 is installed
  • OR MozillaFirefox-branding-SLE-68-4.8.5 is installed
  • OR MozillaFirefox-devel-68.1.0-3.54.2 is installed
  • OR MozillaFirefox-translations-common-68.1.0-3.54.2 is installed
  • OR MozillaFirefox-translations-other-68.1.0-3.54.2 is installed
  • BACK