type: security
subject: Updated firefox packages fix security vulnerability
CVE:
 - CVE-2019-9810
 - CVE-2019-9813
src:
  6:
   core:
     - firefox-60.6.1-2.mga6
     - firefox-l10n-60.6.1-1.mga6
description: |
  Incorrect alias information in IonMonkey JIT compiler for
  Array.prototype.slice method may lead to missing bounds check and a buffer
  overflow (CVE-2019-9810).

  Incorrect handling of __proto__ mutations may lead to type confusion in
  IonMonkey JIT code and can be leveraged for arbitrary memory read and
  write (CVE-2019-9813).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24549
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/
 - https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
ID: MGASA-2019-0131