[RHSA-2019:0966] firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 60.6.1 ESR. (BZ#1690308)
Security Fix(es):
Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)
Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)
Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)
Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)
Mozilla: Ionmonkey type confusion with proto mutations (CVE-2019-9813)
Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)
Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)
Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8 | < 60.6.1-1.el8 |
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8 | < 60.6.1-1.el8 |
pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8 | < 60.6.1-1.el8 |
pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8 | < 60.6.1-1.el8 |
- ID
- RHSA-2019:0966
- Severity
- critical
- URL
- https://access.redhat.com/errata/RHSA-2019:0966
- Published
-
2019-05-07T00:00:00
(5 years ago) - Modified
-
2019-05-07T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2019-1195
- ALPINE:CVE-2018-18506
- ALPINE:CVE-2019-9788
- ALPINE:CVE-2019-9790
- ALPINE:CVE-2019-9791
- ALPINE:CVE-2019-9792
- ALPINE:CVE-2019-9793
- ALPINE:CVE-2019-9795
- ALPINE:CVE-2019-9796
- ALPINE:CVE-2019-9810
- ALPINE:CVE-2019-9813
- ASA-201902-2
- ASA-201903-11
- ASA-201903-14
- ASA-201904-4
- DSA-4411-1
- DSA-4417-1
- DSA-4420-1
- ELSA-2019-0622
- ELSA-2019-0623
- ELSA-2019-0671
- ELSA-2019-0672
- ELSA-2019-0680
- ELSA-2019-0681
- ELSA-2019-0966
- ELSA-2019-1144
- FREEBSD:05DA6B56-3E66-4306-9EA3-89FAFE939726
- FREEBSD:B1F7D52F-FC42-48E8-8403-87D4C9D26229
- GLSA-201904-07
- MFSA-2019-01
- MFSA-2019-07
- MFSA-2019-08
- MFSA-2019-09
- MFSA-2019-10
- MFSA-2019-11
- MFSA-2019-12
- openSUSE-SU-2019:1077-1
- openSUSE-SU-2019:1126-1
- openSUSE-SU-2019:1162-1
- RHSA-2019:0622
- RHSA-2019:0623
- RHSA-2019:0671
- RHSA-2019:0672
- RHSA-2019:0680
- RHSA-2019:0681
- RHSA-2019:1144
- SSA:2019-081-01
- SUSE-SU-2019:0852-1
- SUSE-SU-2019:0853-1
- SUSE-SU-2019:0871-1
- USN-3874-1
- USN-3918-1
- USN-3918-2
- USN-3919-1
- USN-3927-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8 | redhat | firefox | < 60.6.1-1.el8 | redhat-8 | x86_64 | |
Affected | pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8 | redhat | firefox | < 60.6.1-1.el8 | redhat-8 | s390x | |
Affected | pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8 | redhat | firefox | < 60.6.1-1.el8 | redhat-8 | ppc64le | |
Affected | pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8 | redhat | firefox | < 60.6.1-1.el8 | redhat-8 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |