[openSUSE-SU-2019:2251-1] Security update for MozillaFirefox
Severity: Important
Affected Packages: 6
CVEs: 29
This update for MozillaFirefox to 68.1 fixes the following issues:
Security issues fixed:
- CVE-2019-9811: Fixed a sandbox escape via installation of malicious language pack. (bsc#1140868)
- CVE-2019-9812: Fixed a sandbox escape through Firefox Sync. (bsc#1149294)
- CVE-2019-11710: Fixed several memory safety bugs. (bsc#1140868)
- CVE-2019-11714: Fixed a potentially exploitable crash in Necko. (bsc#1140868)
- CVE-2019-11716: Fixed a sandbox bypass. (bsc#1140868)
- CVE-2019-11718: Fixed inadequate sanitization in the Activity Stream component. (bsc#1140868)
- CVE-2019-11720: Fixed a character encoding XSS vulnerability. (bsc#1140868)
- CVE-2019-11721: Fixed a homograph domain spoofing issue through the Unicode Latin 'kra' character. (bsc#1140868)
- CVE-2019-11723: Fixed a cookie leakage during add-on fetching across private browsing boundaries. (bsc#1140868)
- CVE-2019-11724: Fixed an outdated permission, granting access to retired site input.mozilla.org. (bsc#1140868)
- CVE-2019-11725: Fixed a Safebrowsing bypass involving WebSockets. (bsc#1140868)
- CVE-2019-11727: Fixed a vulnerability where it was possible to force NSS to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. (bsc#1141322)
- CVE-2019-11728: Fixed an improper handling of the Alt-Svc header that allowed remote port scans. (bsc#1140868)
- CVE-2019-11733: Fixed an insufficient protection of stored passwords in 'Saved Logins'. (bnc#1145665)
- CVE-2019-11735: Fixed several memory safety bugs. (bnc#1149293)
- CVE-2019-11736: Fixed a file manipulation and privilege escalation in Mozilla Maintenance Service. (bnc#1149292)
- CVE-2019-11738: Fixed a content security policy bypass through hash-based sources in directives. (bnc#1149302)
- CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303)
- CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298)
- CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304)
- CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297)
- CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296)
- CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)
Non-security issues fixed:
- Latest update now also released for s390x. (bsc#1109465)
- Fixed a segmentation fault on s390vsl082. (bsc#1117473)
- Fixed a crash on SLES15 s390x. (bsc#1124525)
- Fixed a segmentation fault. (bsc#1133810)
This update was imported from the SUSE:SLE-15:Update update project.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/MozillaFirefox?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
pkg:rpm/opensuse/MozillaFirefox-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
pkg:rpm/opensuse/MozillaFirefox-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
pkg:rpm/opensuse/MozillaFirefox-devel?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
pkg:rpm/opensuse/MozillaFirefox-buildsymbols?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
pkg:rpm/opensuse/MozillaFirefox-branding-upstream?arch=x86_64&distro=opensuse-leap-15.1 | < 68.1.0-lp151.2.14.1 |
- ID: openSUSE-SU-2019:2251-1
- Severity: important
- URL: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/D6AIQRJID7DIPCU5KTEO6R57LSZRFM6K/#D6AIQRJID7DIPCU5KTEO6R57LSZRFM6K
- Published: 2019-10-04T22:24:43
- Modified: 2019-10-04T22:24:43
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2021-1522
- ALAS2-2019-1267
- ALAS2-2019-1304
- ALAS2-2020-1559
- ALPINE:CVE-2019-11733
- ALPINE:CVE-2019-11740
- ALPINE:CVE-2019-11742
- ALPINE:CVE-2019-11743
- ALPINE:CVE-2019-11744
- ALPINE:CVE-2019-11746
- ALPINE:CVE-2019-11752
- ALPINE:CVE-2019-9811
- ALPINE:CVE-2019-9812
- ASA-201907-4
- ASA-201908-11
- ASA-201909-2
- DSA-4479-1
- DSA-4482-1
- DSA-4516-1
- DSA-4523-1
- ELSA-2019-1763
- ELSA-2019-1764
- ELSA-2019-1765
- ELSA-2019-1775
- ELSA-2019-1777
- ELSA-2019-1799
- ELSA-2019-1951
- ELSA-2019-2663
- ELSA-2019-2694
- ELSA-2019-2729
- ELSA-2019-2773
- ELSA-2019-2774
- ELSA-2019-2807
- ELSA-2020-4076
- FREEBSD:05463E0A-ABD3-4FA4-BD5F-CD5ED132D4C6
- FREEBSD:0592F49F-B3B8-4260-B648-D1718762656C
- FREEBSD:0F31B4E9-C827-11E9-9626-589CFC01894A
- GLSA-201908-12
- GLSA-201908-20
- GLSA-201911-07
- MFSA-2019-21
- MFSA-2019-22
- MFSA-2019-23
- MFSA-2019-24
- MFSA-2019-25
- MFSA-2019-26
- MFSA-2019-27
- MFSA-2019-28
- MFSA-2019-29
- MFSA-2019-30
- openSUSE-SU-2019:1782-1
- openSUSE-SU-2019:1811-1
- openSUSE-SU-2019:1813-1
- openSUSE-SU-2019:1990-1
- openSUSE-SU-2019:2248-1
- openSUSE-SU-2019:2249-1
- openSUSE-SU-2019:2260-1
- RHSA-2019:1763
- RHSA-2019:1764
- RHSA-2019:1765
- RHSA-2019:1775
- RHSA-2019:1777
- RHSA-2019:1799
- RHSA-2019:1951
- RHSA-2019:2663
- RHSA-2019:2694
- RHSA-2019:2729
- RHSA-2019:2773
- RHSA-2019:2774
- RHSA-2019:2807
- RHSA-2020:4076
- SSA:2019-191-01
- SUSE-SU-2019:1861-1
- SUSE-SU-2019:1861-2
- SUSE-SU-2019:1861-3
- SUSE-SU-2019:1869-1
- SUSE-SU-2019:1960-1
- SUSE-SU-2019:2436-1
- SUSE-SU-2019:2515-1
- SUSE-SU-2019:2545-1
- SUSE-SU-2019:2620-1
- USN-4054-1
- USN-4060-1
- USN-4064-1
- USN-4101-1
- USN-4122-1
- USN-4150-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaFirefox?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaFirefox-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox-translations-other | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaFirefox-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox-translations-common | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaFirefox-devel?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox-devel | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaFirefox-buildsymbols?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox-buildsymbols | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaFirefox-branding-upstream?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaFirefox-branding-upstream | < 68.1.0-lp151.2.14.1 | opensuse-leap-15.1 | x86_64 | |