{
  "schema_version": "1.7.0",
  "id": "MGASA-2019-0191",
  "published": "2019-06-10T19:17:03Z",
  "modified": "2019-06-10T18:39:55Z",
  "summary": "Updated firefox packages fix security vulnerabilities",
  "details": "Updated firefox packages fix security vulnerabilities.\n\nCross-origin theft of images with ImageBitmapRenderingContext.\n(CVE-2018-18511)\n\nOut-of-bounds read in Skia. (CVE-2019-5798)\n\nUse-after-free in png_image_free of libpng library. (CVE-2019-7317)\n\nCross-origin theft of images with createImageBitmap. (CVE-2019-9797)\n\nMemory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and firefox 60.7.\n(CVE-2019-9800)\n\nType confusion with object groups and UnboxedObjects. (CVE-2019-9816)\n\nStealing of cross-domain images using canvas. (CVE-2019-9817)\n\nUse-after-free in crash generation server. (CVE-2019-9818)\n\nCompartment mismatch with fetch API. (CVE-2019-9819)\n\nUse-after-free of ChromeEventHandler by DocShell. (CVE-2019-9820)\n\nUse-after-free in XMLHttpRequest. (CVE-2019-11691)\n\nUse-after-free removing listeners in the event listener manager.\n(CVE-2019-11692)\n\nBuffer overflow in WebGL bufferdata on Linux. (CVE-2019-11693)\n\nTheft of user history data through drag and drop of hyperlinks to and from\nbookmarks. (CVE-2019-11698)\n",
  "upstream": [
    "CVE-2018-18511",
    "CVE-2019-5798",
    "CVE-2019-7317",
    "CVE-2019-9797",
    "CVE-2019-9800",
    "CVE-2019-9816",
    "CVE-2019-9817",
    "CVE-2019-9818",
    "CVE-2019-9819",
    "CVE-2019-9820",
    "CVE-2019-11691",
    "CVE-2019-11692",
    "CVE-2019-11693",
    "CVE-2019-11698"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2019-0191.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=24864"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/en-US/firefox/60.7.0/releasenotes/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "60.7.0-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "60.7.0-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}