[openSUSE-SU-2019:1811-1] Security update for MozillaFirefox
Severity
Important
Affected Packages
25
CVEs
10
Security update for MozillaFirefox
This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
- Added IPSEC IKE support to softoken
- Many new FIPS test cases
This update was imported from the SUSE:SLE-15:Update update project.
- ID
- openSUSE-SU-2019:1811-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NPELIQJSVPILKWICIZT35XKU63YJVM3B/#NPELIQJSVPILKWICIZT35XKU63YJVM3B
- Published
-
2019-07-29T09:15:52
(5 years ago) - Modified
-
2019-07-29T09:15:52
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2020-1355
- ALAS-2021-1522
- ALAS2-2019-1267
- ALAS2-2020-1379
- ALAS2-2020-1384
- ALAS2-2020-1559
- ALAS2-2024-2470
- ALPINE:CVE-2019-11709
- ALPINE:CVE-2019-11711
- ALPINE:CVE-2019-11712
- ALPINE:CVE-2019-11713
- ALPINE:CVE-2019-11715
- ALPINE:CVE-2019-11717
- ALPINE:CVE-2019-11719
- ALPINE:CVE-2019-11729
- ALPINE:CVE-2019-11730
- ALPINE:CVE-2019-9811
- ASA-201907-4
- DSA-4479-1
- DSA-4482-1
- ELSA-2019-1763
- ELSA-2019-1764
- ELSA-2019-1765
- ELSA-2019-1775
- ELSA-2019-1777
- ELSA-2019-1799
- ELSA-2019-1951
- ELSA-2019-4190
- ELSA-2020-4076
- FREEBSD:0592F49F-B3B8-4260-B648-D1718762656C
- GLSA-201908-12
- GLSA-201908-20
- MFSA-2019-21
- MFSA-2019-22
- MFSA-2019-23
- MFSA-2019-28
- openSUSE-SU-2019:1782-1
- openSUSE-SU-2019:1813-1
- openSUSE-SU-2019:1990-1
- openSUSE-SU-2019:2248-1
- openSUSE-SU-2019:2249-1
- openSUSE-SU-2019:2251-1
- openSUSE-SU-2019:2260-1
- RHSA-2019:1763
- RHSA-2019:1764
- RHSA-2019:1765
- RHSA-2019:1775
- RHSA-2019:1777
- RHSA-2019:1799
- RHSA-2019:1951
- RHSA-2019:4190
- RHSA-2020:4076
- SSA:2019-191-01
- SUSE-SU-2019:1861-1
- SUSE-SU-2019:1861-2
- SUSE-SU-2019:1861-3
- SUSE-SU-2019:1869-1
- SUSE-SU-2019:1960-1
- SUSE-SU-2019:2515-1
- SUSE-SU-2019:2545-1
- SUSE-SU-2019:2620-1
- USN-4054-1
- USN-4060-1
- USN-4060-2
- USN-4064-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/mozilla-nss?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss?arch=i586&distro=opensuse-leap-15.0 | opensuse | mozilla-nss | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/mozilla-nss-tools?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-tools | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-tools?arch=i586&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-tools | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/mozilla-nss-sysinit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-sysinit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-sysinit?arch=i586&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-sysinit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/mozilla-nss-sysinit-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-sysinit-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-devel?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-devel | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-devel?arch=i586&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-devel | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/mozilla-nss-certs?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-certs | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-certs?arch=i586&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-certs | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/mozilla-nss-certs-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-certs-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/mozilla-nss-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | mozilla-nss-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libsoftokn3?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libsoftokn3 | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libsoftokn3?arch=i586&distro=opensuse-leap-15.0 | opensuse | libsoftokn3 | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/libsoftokn3-hmac?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libsoftokn3-hmac | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libsoftokn3-hmac?arch=i586&distro=opensuse-leap-15.0 | opensuse | libsoftokn3-hmac | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/libsoftokn3-hmac-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libsoftokn3-hmac-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libsoftokn3-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libsoftokn3-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libfreebl3?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libfreebl3 | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libfreebl3?arch=i586&distro=opensuse-leap-15.0 | opensuse | libfreebl3 | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/libfreebl3-hmac?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libfreebl3-hmac | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libfreebl3-hmac?arch=i586&distro=opensuse-leap-15.0 | opensuse | libfreebl3-hmac | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
Affected | pkg:rpm/opensuse/libfreebl3-hmac-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libfreebl3-hmac-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
Affected | pkg:rpm/opensuse/libfreebl3-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse | libfreebl3-32bit | < 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |