Updated firefox packages fix security vulnerability
Publication date: 21 Mar 2019
Modification date: 21 Mar 2019
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796
Description
- Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506).
- Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788).
- Use-after-free when removing in-use DOM elements (CVE-2019-9790).
- Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791).
- IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792).
- Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793).
- Type-confusion in IonMonkey JIT compiler (CVE-2019-9795).
- Use-after-free with SMIL animation controller (CVE-2019-9796).
References
- https://bugs.mageia.org/show_bug.cgi?id=24534
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2019:0622
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796
SRPMS
6/core
- firefox-60.6.0-2.mga6
- firefox-l10n-60.6.0-1.mga6
- nspr-4.21-1.mga6
- rootcerts-20190306.00-1.mga6
- nss-3.36.7-1.1.mga6