[SSA:2019-169-02] mozilla-firefox

Severity High

Affected Packages 4

CVEs 1

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog
patches/packages/mozilla-firefox-60.7.1esr-i686-1_slack14.2.txz: Upgraded. This release contains a security fix and improvements. The patched flaw is considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. For more information, see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707 (* Security fix *)

Where to find the new packages

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-60.7.1esr-i686-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-60.7.1esr-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-60.7.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-60.7.1esr-x86_64-1.txz

MD5 signatures

Slackware 14.2 package:
548ce80fee109ab4d9073471e70c054f mozilla-firefox-60.7.1esr-i686-1_slack14.2.txz

Slackware x86_64 14.2 package:
1cbaf4d8609f5f091791fa680a15036d mozilla-firefox-60.7.1esr-x86_64-1_slack14.2.txz

Slackware -current package:
cbf523009a95294c7667c291faede844 xap/mozilla-firefox-60.7.1esr-i686-1.txz

Slackware x86_64 -current package:
66cac99f299f7a49ac2ceab64d34c965 xap/mozilla-firefox-60.7.1esr-x86_64-1.txz

Installation instructions

Upgrade the package as root:
# upgradepkg mozilla-firefox-60.7.1esr-i686-1_slack14.2.txz

Package	Affected Version
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current	< 60.7.1esr
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2	< 60.7.1esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current	< 60.7.1esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2	< 60.7.1esr

ID

SSA:2019-169-02

Severity

high

Severity from

CVE-2019-11707

URL

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.381835

Published

2019-06-18T22:33:29
(5 years ago)

Modified

2019-06-18T22:33:29
(5 years ago)

Rights

Slackware Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current	slackware	mozilla-firefox	< 60.7.1esr	slackware64-current	x86_64
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2	slackware	mozilla-firefox	< 60.7.1esr	slackware64-14.2	x86_64
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current	slackware	mozilla-firefox	< 60.7.1esr	slackware-current	i686
Affected	pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2	slackware	mozilla-firefox	< 60.7.1esr	slackware-14.2	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date