[RHSA-2019:0623] firefox security update

Severity Critical

Affected Packages 4

CVEs 8

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.0 ESR.

Security Fix(es):

Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)
Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)
Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)
Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-6.10	< 60.6.0-3.el6_10
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-6.10	< 60.6.0-3.el6_10
pkg:rpm/redhat/firefox?arch=ppc64&distro=redhat-6.10	< 60.6.0-3.el6_10
pkg:rpm/redhat/firefox?arch=i686&distro=redhat-6.10	< 60.6.0-3.el6_10

ID

RHSA-2019:0623

Severity

critical

URL

https://access.redhat.com/errata/RHSA-2019:0623

Published

2019-03-20T00:00:00
(5 years ago)

Modified

2019-03-20T00:00:00
(5 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1690673	https://bugzilla.redhat.com/1690673
Bugzilla	1690674	https://bugzilla.redhat.com/1690674
Bugzilla	1690675	https://bugzilla.redhat.com/1690675
Bugzilla	1690676	https://bugzilla.redhat.com/1690676
Bugzilla	1690677	https://bugzilla.redhat.com/1690677
Bugzilla	1690678	https://bugzilla.redhat.com/1690678
Bugzilla	1690680	https://bugzilla.redhat.com/1690680
Bugzilla	1690681	https://bugzilla.redhat.com/1690681
RHSA	RHSA-2019:0623	https://access.redhat.com/errata/RHSA-2019:0623
CVE	CVE-2018-18506	https://access.redhat.com/security/cve/CVE-2018-18506
CVE	CVE-2019-9788	https://access.redhat.com/security/cve/CVE-2019-9788
CVE	CVE-2019-9790	https://access.redhat.com/security/cve/CVE-2019-9790
CVE	CVE-2019-9791	https://access.redhat.com/security/cve/CVE-2019-9791
CVE	CVE-2019-9792	https://access.redhat.com/security/cve/CVE-2019-9792
CVE	CVE-2019-9793	https://access.redhat.com/security/cve/CVE-2019-9793
CVE	CVE-2019-9795	https://access.redhat.com/security/cve/CVE-2019-9795
CVE	CVE-2019-9796	https://access.redhat.com/security/cve/CVE-2019-9796

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-6.10	redhat	firefox	< 60.6.0-3.el6_10	redhat-6.10	x86_64
Affected	pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-6.10	redhat	firefox	< 60.6.0-3.el6_10	redhat-6.10	s390x
Affected	pkg:rpm/redhat/firefox?arch=ppc64&distro=redhat-6.10	redhat	firefox	< 60.6.0-3.el6_10	redhat-6.10	ppc64
Affected	pkg:rpm/redhat/firefox?arch=i686&distro=redhat-6.10	redhat	firefox	< 60.6.0-3.el6_10	redhat-6.10	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date