1. Home
  2. Security Advisories
  3. Slackware Linux
  4. SSA:2019-191-01

[SSA:2019-191-01] mozilla-firefox

Severity Critical
Affected Packages 4
CVEs 10
Info Packages Vulnerabilities

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog

patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements. Some of the patched
flaws are considered critical, and could be used to run attacker code and
install software, requiring no user interaction beyond normal browsing.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709
(* Security fix *)

Where to find the new packages

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.0esr-i686-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.0esr-x86_64-1.txz

MD5 signatures

Slackware 14.2 package:
87b647c90470ff5ec0d284d0bb669b55 mozilla-firefox-68.0esr-i686-1_slack14.2.txz

Slackware x86_64 14.2 package:
40a642ea066ced5b4d97cf753c360f76 mozilla-firefox-68.0esr-x86_64-1_slack14.2.txz

Slackware -current package:
f0ef23f604b2e8fbf2972d78c3dcfd52 xap/mozilla-firefox-68.0esr-i686-1.txz

Slackware x86_64 -current package:
d379ec99b3c0f647de6c7b7a736b5a69 xap/mozilla-firefox-68.0esr-x86_64-1.txz

Installation instructions

Upgrade the package as root:
# upgradepkg mozilla-firefox-68.0esr-i686-1_slack14.2.txz

Package Affected Version
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current < 68.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2 < 68.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current < 68.0esr
pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2 < 68.0esr
ID
SSA:2019-191-01
Severity
critical
Severity from
CVE-2019-11713
URL
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.427566
Published
2019-07-11T00:13:28
(5 years ago)
Modified
2019-07-11T00:13:28
(5 years ago)
Rights
Slackware Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-current slackware mozilla-firefox < 68.0esr slackware64-current x86_64
Affected pkg:slackbuild/slackware/mozilla-firefox?arch=x86_64&distro=slackware64-14.2 slackware mozilla-firefox < 68.0esr slackware64-14.2 x86_64
Affected pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-current slackware mozilla-firefox < 68.0esr slackware-current i686
Affected pkg:slackbuild/slackware/mozilla-firefox?arch=i686&distro=slackware-14.2 slackware mozilla-firefox < 68.0esr slackware-14.2 i686
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date