Advisories ยป MGASA-2019-0116

Updated firefox packages fix security vulnerability

Publication date: 21 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18506 , CVE-2019-9788 , CVE-2019-9790 , CVE-2019-9791 , CVE-2019-9792 , CVE-2019-9793 , CVE-2019-9795 , CVE-2019-9796

Description

Proxy Auto-Configuration file can define localhost access to be proxied
(CVE-2018-18506).

Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
(CVE-2019-9788).

Use-after-free when removing in-use DOM elements (CVE-2019-9790).

Type inference is incorrect for constructors entered through on-stack
replacement with IonMonkey (CVE-2019-9791).

IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792).

Improper bounds checks when Spectre mitigations are disabled
(CVE-2019-9793).

Type-confusion in IonMonkey JIT compiler (CVE-2019-9795).

Use-after-free with SMIL animation controller (CVE-2019-9796).
                

References

SRPMS

6/core