[SSA:2019-141-01] mozilla-firefox

Severity Critical

Affected Packages 4

CVEs 16

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog
patches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. Some of the patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798 https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800 (* Security fix *)

Where to find the new packages

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.7.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.7.0esr-x86_64-1.txz

MD5 signatures

Slackware 14.2 package:
9bb86b28639fe241a285ae8868f6fd3c mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz

Slackware x86_64 14.2 package:
71cfd983350a89459015e89af1f4cf46 mozilla-firefox-60.7.0esr-x86_64-1_slack14.2.txz

Slackware -current package:
02f5b3d10ba9ef7a094f862b1a9b4120 xap/mozilla-firefox-60.7.0esr-i686-1.txz

Slackware x86_64 -current package:
b4ccd8857ce8355105c0595cf2d84154 xap/mozilla-firefox-60.7.0esr-x86_64-1.txz

Installation instructions

Upgrade the package as root:
# upgradepkg mozilla-firefox-60.7.0esr-i686-1_slack14.2.txz

Package	Affected Version
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current	< 60.7.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2	< 60.7.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current	< 60.7.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2	< 60.7.0esr

ID

SSA:2019-141-01

Severity

critical

Severity from

CVE-2019-9819

URL

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.480262

Published

2019-05-21T23:35:28
(5 years ago)

Modified

2019-05-21T23:35:28
(5 years ago)

Rights

Slackware Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current	slackware	mozilla-firefox	< 60.7.0esr	slackware64-current	x86_64
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2	slackware	mozilla-firefox	< 60.7.0esr	slackware64-14.2	x86_64
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current	slackware	mozilla-firefox	< 60.7.0esr	slackware-current	i686
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2	slackware	mozilla-firefox	< 60.7.0esr	slackware-14.2	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date