[openSUSE-SU-2019:1811-1] Security update for MozillaFirefox
Severity
Important
Affected Packages
25
CVEs
10
Security update for MozillaFirefox
This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
- Added IPSEC IKE support to softoken
- Many new FIPS test cases
This update was imported from the SUSE:SLE-15:Update update project.
- ID
- openSUSE-SU-2019:1811-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NPELIQJSVPILKWICIZT35XKU63YJVM3B/#NPELIQJSVPILKWICIZT35XKU63YJVM3B
- Published
-
2019-07-29T09:15:52
(5 years ago) - Modified
-
2019-07-29T09:15:52
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2020-1355
-
ALAS-2021-1522
-
ALAS2-2019-1267
-
ALAS2-2020-1379
-
ALAS2-2020-1384
-
ALAS2-2020-1559
-
ALAS2-2024-2470
-
ALPINE:CVE-2019-11709
-
ALPINE:CVE-2019-11711
-
ALPINE:CVE-2019-11712
-
ALPINE:CVE-2019-11713
-
ALPINE:CVE-2019-11715
-
ALPINE:CVE-2019-11717
-
ALPINE:CVE-2019-11719
-
ALPINE:CVE-2019-11729
-
ALPINE:CVE-2019-11730
-
ALPINE:CVE-2019-9811
-
ASA-201907-4
-
DSA-4479-1
-
DSA-4482-1
-
ELSA-2019-1763
-
ELSA-2019-1764
-
ELSA-2019-1765
-
ELSA-2019-1775
-
ELSA-2019-1777
-
ELSA-2019-1799
-
ELSA-2019-1951
-
ELSA-2019-4190
-
ELSA-2020-4076
-
FREEBSD:0592F49F-B3B8-4260-B648-D1718762656C
-
GLSA-201908-12
-
GLSA-201908-20
-
MFSA-2019-21
-
MFSA-2019-22
-
MFSA-2019-23
-
MFSA-2019-28
-
openSUSE-SU-2019:1782-1
-
openSUSE-SU-2019:1813-1
-
openSUSE-SU-2019:1990-1
-
openSUSE-SU-2019:2248-1
-
openSUSE-SU-2019:2249-1
-
openSUSE-SU-2019:2251-1
-
openSUSE-SU-2019:2260-1
-
RHSA-2019:1763
-
RHSA-2019:1764
-
RHSA-2019:1765
-
RHSA-2019:1775
-
RHSA-2019:1777
-
RHSA-2019:1799
-
RHSA-2019:1951
-
RHSA-2019:4190
-
RHSA-2020:4076
-
SSA:2019-191-01
-
SUSE-SU-2019:1861-1
-
SUSE-SU-2019:1861-2
-
SUSE-SU-2019:1861-3
-
SUSE-SU-2019:1869-1
-
SUSE-SU-2019:1960-1
-
SUSE-SU-2019:2515-1
-
SUSE-SU-2019:2545-1
-
SUSE-SU-2019:2620-1
-
USN-4054-1
-
USN-4060-1
-
USN-4060-2
-
USN-4064-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/mozilla-nss?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
 mozilla-nss
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss?arch=i586&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-tools?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-tools
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-tools?arch=i586&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-tools
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-sysinit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-sysinit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-sysinit?arch=i586&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-sysinit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-sysinit-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-sysinit-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-devel?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-devel
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-devel?arch=i586&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-devel
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-certs?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-certs
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-certs?arch=i586&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-certs
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-certs-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-certs-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/mozilla-nss-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
mozilla-nss-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libsoftokn3?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libsoftokn3?arch=i586&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/libsoftokn3-hmac?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3-hmac
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libsoftokn3-hmac?arch=i586&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3-hmac
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/libsoftokn3-hmac-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3-hmac-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libsoftokn3-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libsoftokn3-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libfreebl3?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libfreebl3
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libfreebl3?arch=i586&distro=opensuse-leap-15.0 | opensuse |
libfreebl3
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/libfreebl3-hmac?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libfreebl3-hmac
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libfreebl3-hmac?arch=i586&distro=opensuse-leap-15.0 | opensuse |
libfreebl3-hmac
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | i586 | |
| Affected | pkg:rpm/opensuse/libfreebl3-hmac-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libfreebl3-hmac-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/libfreebl3-32bit?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
libfreebl3-32bit
|
< 3.44.1-lp150.2.24.1 | opensuse-leap-15.0 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |