Updated firefox packages fix security vulnerabilities
Publication date: 10 Jun 2019Modification date: 10 Jun 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18511 , CVE-2019-5798 , CVE-2019-7317 , CVE-2019-9797 , CVE-2019-9800 , CVE-2019-9816 , CVE-2019-9817 , CVE-2019-9818 , CVE-2019-9819 , CVE-2019-9820 , CVE-2019-11691 , CVE-2019-11692 , CVE-2019-11693 , CVE-2019-11698
Description
Updated firefox packages fix security vulnerabilities.
Cross-origin theft of images with ImageBitmapRenderingContext.
(CVE-2018-18511)
Out-of-bounds read in Skia. (CVE-2019-5798)
Use-after-free in png_image_free of libpng library. (CVE-2019-7317)
Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)
Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and firefox 60.7.
(CVE-2019-9800)
Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)
Stealing of cross-domain images using canvas. (CVE-2019-9817)
Use-after-free in crash generation server. (CVE-2019-9818)
Compartment mismatch with fetch API. (CVE-2019-9819)
Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)
Use-after-free in XMLHttpRequest. (CVE-2019-11691)
Use-after-free removing listeners in the event listener manager.
(CVE-2019-11692)
Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)
Theft of user history data through drag and drop of hyperlinks to and from
bookmarks. (CVE-2019-11698)
References
- https://bugs.mageia.org/show_bug.cgi?id=24864
- https://www.mozilla.org/en-US/firefox/60.7.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9818
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698
SRPMS
6/core
- firefox-60.7.0-1.mga6
- firefox-l10n-60.7.0-1.mga6