Advisories » MGASA-2019-0131

Updated firefox packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9810 , CVE-2019-9813

Description

Incorrect alias information in IonMonkey JIT compiler for
Array.prototype.slice method may lead to missing bounds check and a buffer
overflow (CVE-2019-9810).

Incorrect handling of __proto__ mutations may lead to type confusion in
IonMonkey JIT code and can be leveraged for arbitrary memory read and
write (CVE-2019-9813).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24549
• https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/
• https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
• https://www.cve.org/CVERecord?id=CVE-2019-9810
• https://www.cve.org/CVERecord?id=CVE-2019-9813

SRPMS

6/core

• firefox-60.6.1-2.mga6
• firefox-l10n-60.6.1-1.mga6