advisories/25595.adv

type: security
subject: Updated firefox packages fix security vulnerabilities
CVE:
 - CVE-2019-11757
 - CVE-2019-11758
 - CVE-2019-11759
 - CVE-2019-11760
 - CVE-2019-11761
 - CVE-2019-11762
 - CVE-2019-11763
 - CVE-2019-11764
 - CVE-2019-15903
src:
  7:
   core:
     - firefox-68.2.0-1.mga7
     - firefox-l10n-68.2.0-1.mga7
     - nspr-4.23-1.mga7
     - nss-3.47.0-1.mga7
     - rootcerts-20191011.00-1.mga7
description: |
  The updated packages fix several bugs and some security issues:

  Use-after-free when creating index updates in IndexedDB.
  (CVE-2019-11757)

  Potentially exploitable crash due to 360 Total Security.
  (CVE-2019-11758)

  Stack buffer overflow in HKDF output. (CVE-2019-11759)

  Stack buffer overflow in WebRTC networking. (CVE-2019-11760)

  Unintended access to a privileged JSONView object. (CVE-2019-11761)

  document.domain-based origin isolation has same-origin-property violation.
  (CVE-2019-11762)

  Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)

  Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2.
  (CVE-2019-11764)

  Heap overflow in expat library in XML_GetCurrentLineNumber.
  (CVE-2019-15903)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25595
 - https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes
 - https://access.redhat.com/errata/RHSA-2019:3193
ID: MGASA-2019-0315
1	type: security
2	subject: Updated firefox packages fix security vulnerabilities
3	CVE:
4	- CVE-2019-11757
5	- CVE-2019-11758
6	- CVE-2019-11759
7	- CVE-2019-11760
8	- CVE-2019-11761
9	- CVE-2019-11762
10	- CVE-2019-11763
11	- CVE-2019-11764
12	- CVE-2019-15903
13	src:
14	7:
15	core:
16	- firefox-68.2.0-1.mga7
17	- firefox-l10n-68.2.0-1.mga7
18	- nspr-4.23-1.mga7
19	- nss-3.47.0-1.mga7
20	- rootcerts-20191011.00-1.mga7
21	description: \|
22	The updated packages fix several bugs and some security issues:
23
24	Use-after-free when creating index updates in IndexedDB.
25	(CVE-2019-11757)
26
27	Potentially exploitable crash due to 360 Total Security.
28	(CVE-2019-11758)
29
30	Stack buffer overflow in HKDF output. (CVE-2019-11759)
31
32	Stack buffer overflow in WebRTC networking. (CVE-2019-11760)
33
34	Unintended access to a privileged JSONView object. (CVE-2019-11761)
35
36	document.domain-based origin isolation has same-origin-property violation.
37	(CVE-2019-11762)
38
39	Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)
40
41	Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2.
42	(CVE-2019-11764)
43
44	Heap overflow in expat library in XML_GetCurrentLineNumber.
45	(CVE-2019-15903)
46	references:
47	- https://bugs.mageia.org/show_bug.cgi?id=25595
48	- https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/
49	- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/
50	- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes
51	- https://access.redhat.com/errata/RHSA-2019:3193
52	ID: MGASA-2019-0315