Mageia Advisory: MGASA-2019-0211 - Updated firefox packages fix security vulnerability

Updated firefox packages fix security vulnerability

Publication date: 21 Jul 2019
Modification date: 21 Jul 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9811 , CVE-2019-11711 , CVE-2019-11712 , CVE-2019-11713 , CVE-2019-11729 , CVE-2019-11715 , CVE-2019-11717 , CVE-2019-11719 , CVE-2019-11730 , CVE-2019-11709

Description

Sandbox escape via installation of malicious language pack. (CVE-2019-9811)

Script injection within domain through inner window reuse. (CVE-2019-11711)

Cross-origin POST requests can be made with NPAPI plugins by following 308
redirects. (CVE-2019-11712)

Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)

Empty or malformed p256-ECDH public keys may trigger a segmentation fault.
(CVE-2019-11729)

HTML parsing error can contribute to content XSS. (CVE-2019-11715)

Caret character improperly escaped in origins. (CVE-2019-11717)

Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)

Same-origin policy treats all files in a directory as having the
same-origin. (CVE-2019-11730)

Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8.
(CVE-2019-11709)

References

SRPMS

6/core

firefox-60.8.0-1.mga6
firefox-l10n-60.8.0-1.mga6
nss-3.36.8-1.1.mga6
rootcerts-20190604.00-1.mga6

Advisories » MGASA-2019-0211

Updated firefox packages fix security vulnerability

Description

References

SRPMS

6/core