Updated firefox packages fix security vulnerabilities
Publication date: 08 Dec 2019Modification date: 08 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13722 , CVE-2019-17005 , CVE-2019-17008 , CVE-2019-17009 , CVE-2019-17010 , CVE-2019-17011 , CVE-2019-17012
Description
Updated firefox packages fix security vulnerabilities:
Stack corruption due to incorrect number of arguments in WebRTC code.
(CVE-2019-13722)
Buffer overflow in plain text serializer. (CVE-2019-17005)
Use-after-free in worker destruction. (CVE-2019-17008)
Updater temporary files accessible to unprivileged processes.
(CVE-2019-17009)
Use-after-free when performing device orientation checks.
(CVE-2019-17010)
Use-after-free when retrieving a document in antitracking.
(CVE-2019-17011)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3.
(CVE-2019-17012)
References
- https://bugs.mageia.org/show_bug.cgi?id=25820
- https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012
SRPMS
7/core
- firefox-68.3.0-1.mga7
- firefox-l10n-68.3.0-1.mga7
- nspr-4.24-1.mga7