Advisories ยป MGASA-2019-0376

Updated firefox packages fix security vulnerabilities

Publication date: 08 Dec 2019
Modification date: 08 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13722 , CVE-2019-17005 , CVE-2019-17008 , CVE-2019-17009 , CVE-2019-17010 , CVE-2019-17011 , CVE-2019-17012

Description

Updated firefox packages fix security vulnerabilities:

Stack corruption due to incorrect number of arguments in WebRTC code.
(CVE-2019-13722)

Buffer overflow in plain text serializer. (CVE-2019-17005)

Use-after-free in worker destruction. (CVE-2019-17008)

Updater temporary files accessible to unprivileged processes. 
(CVE-2019-17009)

Use-after-free when performing device orientation checks.
(CVE-2019-17010)

Use-after-free when retrieving a document in antitracking.
(CVE-2019-17011)

Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3.
(CVE-2019-17012)
                

References

SRPMS

7/core