[RHSA-2019:0966] firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 60.6.1 ESR. (BZ#1690308)
Security Fix(es):
Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)
Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)
Mozilla: Ionmonkey type confusion with proto mutations (CVE-2019-9813)
Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)
Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)
Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8
|
< 60.6.1-1.el8 |
|
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8
|
< 60.6.1-1.el8 |
|
pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8
|
< 60.6.1-1.el8 |
|
pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8
|
< 60.6.1-1.el8 |
- ID
- RHSA-2019:0966
- Severity
- critical
- URL
- https://access.redhat.com/errata/RHSA-2019:0966
- Published
-
2019-05-07T00:00:00
(5 years ago) - Modified
-
2019-05-07T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2019-1195
-
ALPINE:CVE-2018-18506
-
ALPINE:CVE-2019-9788
-
ALPINE:CVE-2019-9790
-
ALPINE:CVE-2019-9791
-
ALPINE:CVE-2019-9792
-
ALPINE:CVE-2019-9793
-
ALPINE:CVE-2019-9795
-
ALPINE:CVE-2019-9796
-
ALPINE:CVE-2019-9810
-
ALPINE:CVE-2019-9813
-
ASA-201902-2
-
ASA-201903-11
-
ASA-201903-14
-
ASA-201904-4
-
DSA-4411-1
-
DSA-4417-1
-
DSA-4420-1
-
ELSA-2019-0622
-
ELSA-2019-0623
-
ELSA-2019-0671
-
ELSA-2019-0672
-
ELSA-2019-0680
-
ELSA-2019-0681
-
ELSA-2019-0966
-
ELSA-2019-1144
-
FREEBSD:05DA6B56-3E66-4306-9EA3-89FAFE939726
-
FREEBSD:B1F7D52F-FC42-48E8-8403-87D4C9D26229
-
GLSA-201904-07
-
MFSA-2019-01
-
MFSA-2019-07
-
MFSA-2019-08
-
MFSA-2019-09
-
MFSA-2019-10
-
MFSA-2019-11
-
MFSA-2019-12
-
openSUSE-SU-2019:1077-1
-
openSUSE-SU-2019:1126-1
-
openSUSE-SU-2019:1162-1
-
RHSA-2019:0622
-
RHSA-2019:0623
-
RHSA-2019:0671
-
RHSA-2019:0672
-
RHSA-2019:0680
-
RHSA-2019:0681
-
RHSA-2019:1144
-
SSA:2019-081-01
-
SUSE-SU-2019:0852-1
-
SUSE-SU-2019:0853-1
-
SUSE-SU-2019:0871-1
-
USN-3874-1
-
USN-3918-1
-
USN-3918-2
-
USN-3919-1
-
USN-3927-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8 | redhat |
firefox
|
< 60.6.1-1.el8 | redhat-8 | x86_64 | |
| Affected | pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8 | redhat |
firefox
|
< 60.6.1-1.el8 | redhat-8 | s390x | |
| Affected | pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8 | redhat |
firefox
|
< 60.6.1-1.el8 | redhat-8 | ppc64le | |
| Affected | pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8 | redhat |
firefox
|
< 60.6.1-1.el8 | redhat-8 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |