type: security
subject: Updated firefox packages fix security vulnerabilities
CVE:
  - CVE-2018-18511
  - CVE-2019-5798
  - CVE-2019-7317
  - CVE-2019-9797
  - CVE-2019-9800
  - CVE-2019-9816
  - CVE-2019-9817
  - CVE-2019-9818
  - CVE-2019-9819
  - CVE-2019-9820
  - CVE-2019-11691
  - CVE-2019-11692
  - CVE-2019-11693
  - CVE-2019-11698
src:
  6:
    core:
      - firefox-60.7.0-1.mga6
      - firefox-l10n-60.7.0-1.mga6
description: |
  Updated firefox packages fix security vulnerabilities.

  Cross-origin theft of images with ImageBitmapRenderingContext.
  (CVE-2018-18511)

  Out-of-bounds read in Skia. (CVE-2019-5798)

  Use-after-free in png_image_free of libpng library. (CVE-2019-7317)

  Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)

  Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and firefox 60.7.
  (CVE-2019-9800)

  Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)

  Stealing of cross-domain images using canvas. (CVE-2019-9817)

  Use-after-free in crash generation server. (CVE-2019-9818)

  Compartment mismatch with fetch API. (CVE-2019-9819)

  Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)

  Use-after-free in XMLHttpRequest. (CVE-2019-11691)

  Use-after-free removing listeners in the event listener manager.
  (CVE-2019-11692)

  Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)

  Theft of user history data through drag and drop of hyperlinks to and from
  bookmarks. (CVE-2019-11698)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24864
  - https://www.mozilla.org/en-US/firefox/60.7.0/releasenotes/
  - https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/
ID: MGASA-2019-0191