Parent Directory | Revision Log
MGASA-2019-0315: firefox-68.2.0-1.mga7, firefox-l10n-68.2.0-1.mga7, nspr-4.23-1.mga7, nss-3.47.0-1.mga7, rootcerts-20191011.00-1.mga7
1 | type: security |
2 | subject: Updated firefox packages fix security vulnerabilities |
3 | CVE: |
4 | - CVE-2019-11757 |
5 | - CVE-2019-11758 |
6 | - CVE-2019-11759 |
7 | - CVE-2019-11760 |
8 | - CVE-2019-11761 |
9 | - CVE-2019-11762 |
10 | - CVE-2019-11763 |
11 | - CVE-2019-11764 |
12 | - CVE-2019-15903 |
13 | src: |
14 | 7: |
15 | core: |
16 | - firefox-68.2.0-1.mga7 |
17 | - firefox-l10n-68.2.0-1.mga7 |
18 | - nspr-4.23-1.mga7 |
19 | - nss-3.47.0-1.mga7 |
20 | - rootcerts-20191011.00-1.mga7 |
21 | description: | |
22 | The updated packages fix several bugs and some security issues: |
23 | |
24 | Use-after-free when creating index updates in IndexedDB. |
25 | (CVE-2019-11757) |
26 | |
27 | Potentially exploitable crash due to 360 Total Security. |
28 | (CVE-2019-11758) |
29 | |
30 | Stack buffer overflow in HKDF output. (CVE-2019-11759) |
31 | |
32 | Stack buffer overflow in WebRTC networking. (CVE-2019-11760) |
33 | |
34 | Unintended access to a privileged JSONView object. (CVE-2019-11761) |
35 | |
36 | document.domain-based origin isolation has same-origin-property violation. |
37 | (CVE-2019-11762) |
38 | |
39 | Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) |
40 | |
41 | Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2. |
42 | (CVE-2019-11764) |
43 | |
44 | Heap overflow in expat library in XML_GetCurrentLineNumber. |
45 | (CVE-2019-15903) |
46 | references: |
47 | - https://bugs.mageia.org/show_bug.cgi?id=25595 |
48 | - https://www.mozilla.org/en-US/firefox/68.2.0/releasenotes/ |
49 | - https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/ |
50 | - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes |
51 | - https://access.redhat.com/errata/RHSA-2019:3193 |
52 | ID: MGASA-2019-0315 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |