Advisories ยป MGASA-2019-0315

Updated firefox packages fix security vulnerabilities

Publication date: 07 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11757 , CVE-2019-11758 , CVE-2019-11759 , CVE-2019-11760 , CVE-2019-11761 , CVE-2019-11762 , CVE-2019-11763 , CVE-2019-11764 , CVE-2019-15903


The updated packages fix several bugs and some security issues:

Use-after-free when creating index updates in IndexedDB.

Potentially exploitable crash due to 360 Total Security.

Stack buffer overflow in HKDF output. (CVE-2019-11759)

Stack buffer overflow in WebRTC networking. (CVE-2019-11760)

Unintended access to a privileged JSONView object. (CVE-2019-11761)

document.domain-based origin isolation has same-origin-property violation.

Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)

Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2.

Heap overflow in expat library in XML_GetCurrentLineNumber.