1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2019:2871-1

[SUSE-SU-2019:2871-1] Security update for MozillaFirefox, MozillaFirefox-branding-SLE

Severity Important
CVEs 9
Info References Vulnerabilities

Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:

Changes in MozillaFirefox:

Security issues fixed:

  • CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
  • CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
  • CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
  • CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
  • CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
  • CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
  • CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
  • CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
  • CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).

Non-security issues fixed:

  • Added Provides-line for translations-common (bsc#1153423) .
  • Moved some settings from branding-package here (bsc#1153869).
  • Disabled DoH by default.

Changes in MozillaFirefox-branding-SLE:

  • Moved extensions preferences to core package (bsc#1153869).
ID
SUSE-SU-2019:2871-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2019/suse-su-20192871-1/
Published
2019-10-31T07:49:41
(4 years ago)
Modified
2019-10-31T07:49:41
(4 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2871-1.json
Suse URL for SUSE-SU-2019:2871-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192871-1/
Suse E-Mail link for SUSE-SU-2019:2871-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192871-1.html
Bugzilla SUSE Bug 1104841 https://bugzilla.suse.com/1104841
Bugzilla SUSE Bug 1129528 https://bugzilla.suse.com/1129528
Bugzilla SUSE Bug 1137990 https://bugzilla.suse.com/1137990
Bugzilla SUSE Bug 1149429 https://bugzilla.suse.com/1149429
Bugzilla SUSE Bug 1151186 https://bugzilla.suse.com/1151186
Bugzilla SUSE Bug 1153423 https://bugzilla.suse.com/1153423
Bugzilla SUSE Bug 1153869 https://bugzilla.suse.com/1153869
Bugzilla SUSE Bug 1154738 https://bugzilla.suse.com/1154738
CVE SUSE CVE CVE-2019-11757 page https://www.suse.com/security/cve/CVE-2019-11757/
CVE SUSE CVE CVE-2019-11758 page https://www.suse.com/security/cve/CVE-2019-11758/
CVE SUSE CVE CVE-2019-11759 page https://www.suse.com/security/cve/CVE-2019-11759/
CVE SUSE CVE CVE-2019-11760 page https://www.suse.com/security/cve/CVE-2019-11760/
CVE SUSE CVE CVE-2019-11761 page https://www.suse.com/security/cve/CVE-2019-11761/
CVE SUSE CVE CVE-2019-11762 page https://www.suse.com/security/cve/CVE-2019-11762/
CVE SUSE CVE CVE-2019-11763 page https://www.suse.com/security/cve/CVE-2019-11763/
CVE SUSE CVE CVE-2019-11764 page https://www.suse.com/security/cve/CVE-2019-11764/
CVE SUSE CVE CVE-2019-15903 page https://www.suse.com/security/cve/CVE-2019-15903/
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date