Advisories ยป MGASA-2019-0376

Updated firefox packages fix security vulnerabilities

Publication date: 08 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13722 , CVE-2019-17005 , CVE-2019-17008 , CVE-2019-17009 , CVE-2019-17010 , CVE-2019-17011 , CVE-2019-17012


Updated firefox packages fix security vulnerabilities:

Stack corruption due to incorrect number of arguments in WebRTC code.

Buffer overflow in plain text serializer. (CVE-2019-17005)

Use-after-free in worker destruction. (CVE-2019-17008)

Updater temporary files accessible to unprivileged processes. 

Use-after-free when performing device orientation checks.

Use-after-free when retrieving a document in antitracking.

Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3.