Advisories ยป MGASA-2019-0267

Updated firefox packages fix security vulnerabilities

Publication date: 12 Sep 2019
Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9812 , CVE-2019-11740 , CVE-2019-11742 , CVE-2019-11743 , CVE-2019-11744 , CVE-2019-11746 , CVE-2019-11752 , CVE-2019-11753


The updated packages fix several bugs and some security issues:

Sandbox escape through Firefox Sync. (CVE-2019-9812)

Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9. (CVE-2019-11740)

Same-origin policy violation with SVG filters and canvas to steal
cross-origin images. (CVE-2019-11742)

Cross-origin access to unload event attributes. (CVE-2019-11743)

XSS by breaking out of title and textarea elements using innerHTML.

Use-after-free while manipulating video. (CVE-2019-11746)

Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)

Privilege escalation with Mozilla Maintenance Service in custom Firefox
installation location. (CVE-2019-11753)