Advisories ยป MGASA-2019-0191

Updated firefox packages fix security vulnerabilities

Publication date: 10 Jun 2019
Modification date: 10 Jun 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18511 , CVE-2019-5798 , CVE-2019-7317 , CVE-2019-9797 , CVE-2019-9800 , CVE-2019-9816 , CVE-2019-9817 , CVE-2019-9818 , CVE-2019-9819 , CVE-2019-9820 , CVE-2019-11691 , CVE-2019-11692 , CVE-2019-11693 , CVE-2019-11698


Updated firefox packages fix security vulnerabilities.

Cross-origin theft of images with ImageBitmapRenderingContext.

Out-of-bounds read in Skia. (CVE-2019-5798)

Use-after-free in png_image_free of libpng library. (CVE-2019-7317)

Cross-origin theft of images with createImageBitmap. (CVE-2019-9797)

Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and firefox 60.7.

Type confusion with object groups and UnboxedObjects. (CVE-2019-9816)

Stealing of cross-domain images using canvas. (CVE-2019-9817)

Use-after-free in crash generation server. (CVE-2019-9818)

Compartment mismatch with fetch API. (CVE-2019-9819)

Use-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)

Use-after-free in XMLHttpRequest. (CVE-2019-11691)

Use-after-free removing listeners in the event listener manager.

Buffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)

Theft of user history data through drag and drop of hyperlinks to and from
bookmarks. (CVE-2019-11698)