ArchLinux: 201909-2: firefox: multiple issues

    Date: 11 Sep 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package firefox before version 69.0-1 is vulnerable to multiple issues including arbitrary code execution, cross-site scripting, same-origin policy bypass, sandbox escape, access restriction bypass, denial of service and information disclosure.
    Arch Linux Security Advisory ASA-201909-2
    =========================================
    
    Severity: High
    Date    : 2019-09-04
    CVE-ID  : CVE-2019-5849  CVE-2019-9812  CVE-2019-11734 CVE-2019-11735
              CVE-2019-11737 CVE-2019-11738 CVE-2019-11740 CVE-2019-11741
              CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746
              CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750
              CVE-2019-11752
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1036
    
    Summary
    =======
    
    The package firefox before version 69.0-1 is vulnerable to multiple
    issues including arbitrary code execution, cross-site scripting, same-
    origin policy bypass, sandbox escape, access restriction bypass, denial
    of service and information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 69.0-1.
    
    # pacman -Syu "firefox>=69.0-1"
    
    The problems have been fixed upstream in version 69.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-5849 (information disclosure)
    
    An out-of-bounds read vulnerability exists in the Skia graphics library
    shipped in Firefox before 69.0, allowing for the possible leaking of
    data from memory.
    
    - CVE-2019-9812 (sandbox escape)
    
    In Firefox before 69.0, given a compromised sandboxed content process
    due to a separate vulnerability, it is possible to escape that sandbox
    by loading accounts.firefox.com in that process and forcing a log-in to
    a malicious Firefox Sync account. Preference settings that disable the
    sandbox are then synchronized to the local machine and the compromised
    browser would restart without the sandbox if a crash is triggered.
    
    - CVE-2019-11734 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 69.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2019-11735 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 69.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2019-11737 (access restriction bypass)
    
    In Firefox before 69.0, if a wildcard ('*') is specified for the host
    in Content Security Policy (CSP) directives, any port or path
    restriction of the directive will be ignored, leading to CSP directives
    not being properly applied to content.
    
    - CVE-2019-11738 (access restriction bypass)
    
    In Firefox before 69.0, if a Content Security Policy (CSP) directive is
    defined that uses a hash-based source that takes the empty string as
    input, execution of any javascript: URIs will be allowed. This could
    allow for malicious JavaScript content to be run, bypassing CSP
    permissions.
    
    - CVE-2019-11740 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 69.0. Some
    of these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2019-11741 (cross-site scripting)
    
    In Firefox before 69.0, a compromised sandboxed content process can
    perform a Universal Cross-site Scripting (UXSS) attack on content from
    any site it can cause to be loaded in the same process. Because
    addons.mozilla.org and accounts.firefox.com have close ties to the
    Firefox product, malicious manipulation of these sites within the
    browser can potentially be used to modify a user's Firefox
    configuration. These two sites will now be isolated into their own
    process and not allowed to be loaded in a standard content process.
    
    - CVE-2019-11742 (same-origin policy bypass)
    
    A same-origin policy violation can occur in Firefox before 69.0,
    allowing the theft of cross-origin images through a combination of SVG
    filters and a  element due to an error in how same-origin
    policy is applied to cached image content. The resulting same-origin
    policy violation could allow for data theft.
    
    - CVE-2019-11743 (information disclosure)
    
    In Firefox before 69.0, navigation events were not fully adhering to
    the W3C's "Navigation-Timing Level 2" draft specification in some
    instances for the unload event, which restricts access to detailed
    timing attributes to only be same-origin. This resulted in potential
    cross-origin information exposure of history through timing side-
    channel attacks.
    
    - CVE-2019-11744 (cross-site scripting)
    
    A security issue has been found in Firefox before 69.0. Some HTML
    elements, such as  and <textarea>, can contain literal angle
    brackets without treating them as markup. It is possible to pass a
    literal closing tag to .innerHTML on these elements, and subsequent
    content after that will be parsed as if it were outside the tag. This
    can lead to XSS if a site does not filter user input as strictly for
    these elements as it does for other elements.
    
    - CVE-2019-11746 (arbitrary code execution)
    
    A use-after-free vulnerability can occur in Firefox before 69.0 while
    manipulating video elements if the body is freed while still in use.
    This results in a potentially exploitable crash.
    
    - CVE-2019-11747 (access restriction bypass)
    
    The "Forget about this site" feature in the History pane is intended to
    remove all saved user data that indicates a user has visited a site.
    This includes removing any HTTP Strict Transport Security (HSTS)
    settings received from sites that use it. Due to a bug in Firefox
    before 69.0, sites on the pre-load list also have their HSTS setting
    removed. On the next visit to that site if the user specifies an http:
    URL rather than secure https: they will not be protected by the pre-
    loaded HSTS setting. After that visit the site's HSTS setting will be
    restored.
    
    - CVE-2019-11748 (access restriction bypass)
    
    WebRTC in Firefox before 69.0 will honor persisted permissions given to
    sites for access to microphone and camera resources even when in a
    third-party context. In light of recent high profile vulnerabilities in
    other software, a decision was made to no longer persist these
    permissions. This avoids the possibility of trusted WebRTC resources
    being invisibly embedded in web content and abusing permissions
    previously given by users. Users will now be prompted for permissions
    on each use.
    
    - CVE-2019-11749 (information disclosure)
    
    A vulnerability exists in the WebRTC component of Firefox before 69.0
    where malicious web content can use probing techniques on the
    getUserMedia API using constraints to reveal device properties of
    cameras on the system without triggering a user prompt or notification.
    This allows for the potential fingerprinting of users.
    
    - CVE-2019-11750 (denial of service)
    
    A type confusion vulnerability exists in the Spidermonkey component of
    Firefox before 69.0, which results in a non-exploitable crash.
    
    - CVE-2019-11752 (arbitrary code execution)
    
    In Firefox before 69.0, it is possible to delete an IndexedDB key value
    and subsequently try to extract it during conversion. This results in a
    use-after-free and a potentially exploitable crash.
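
For site operators, the two CSP entries above (CVE-2019-11737 and CVE-2019-11738) can be checked against a deployed policy. The following is an added example, not part of the advisory or of Firefox: it flags source expressions whose enforcement depended on the fixed behaviour. It assumes "wildcard host" means a bare `*` host-part; the function names and the sample policy are constructed for illustration.

```python
"""Audit a Content-Security-Policy value for sources affected by
CVE-2019-11737 and CVE-2019-11738 (added example; names are hypothetical)."""
import base64
import hashlib
import re

# Digest algorithms that CSP permits in hash-source expressions.
HASH_ALGOS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
              "sha512": hashlib.sha512}

# host-source whose host-part is a bare "*": [scheme://] * [:port] [/path]
# Assumption: only the bare "*" host is covered, not "*.example.com".
WILDCARD_HOST = re.compile(
    r"^(?:(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://)?\*"
    r"(?::(?P<port>\d+|\*))?(?P<path>/.*)?$"
)
HASH_SOURCE = re.compile(
    r"^'(?P<algo>sha(?:256|384|512))-(?P<b64>[A-Za-z0-9+/_-]+={0,2})'$", re.I
)


def empty_input_hash(algo):
    """Return the base64 digest of the empty string for a CSP hash algorithm."""
    return base64.b64encode(HASH_ALGOS[algo](b"").digest()).decode("ascii")


def parse_policy(header_value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for chunk in header_value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        # A repeated directive is ignored by user agents; keep the first one.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(header_value):
    """Return (directive, source, cve) tuples for affected source expressions."""
    findings = []
    for directive, sources in parse_policy(header_value).items():
        for src in sources:
            m = WILDCARD_HOST.match(src)
            if m:
                port = m.group("port") or "*"
                path = m.group("path") or ""
                # A numeric port, or a path other than "/", is a restriction
                # that Firefox before 69.0 ignored for a wildcard host.
                if port != "*" or path not in ("", "/"):
                    findings.append((directive, src, "CVE-2019-11737"))
                continue
            m = HASH_SOURCE.match(src)
            if m:
                algo = m.group("algo").lower()
                # Accept base64url spelling and ignore padding when comparing.
                value = m.group("b64").replace("-", "+").replace("_", "/")
                if value.rstrip("=") == empty_input_hash(algo).rstrip("="):
                    findings.append((directive, src, "CVE-2019-11738"))
    return findings


def sample_policy():
    """Constructed sample header value; hosts and paths are made up."""
    return (
        "default-src 'self'; "
        "img-src *:8443 https://cdn.example.com; "
        "script-src https://*/static/js/ *.example.com:443 'sha256-%s'; "
        "style-src * https://*:*"
    ) % empty_input_hash("sha256")


if __name__ == "__main__":
    for directive, source, cve in audit(sample_policy()):
        print(f"{cve}: {directive} {source}")
```

A finding means the policy only behaves as written for visitors on Firefox 69.0 or later; removing an empty-input hash source and replacing a wildcard host with explicit hosts avoids depending on the fix.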
    
    Impact
    ======
    
    A remote attacker can bypass security measures, access sensitive
    information or execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849
    https://bugzilla.mozilla.org/show_bug.cgi?id=1555838
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
    https://bugzilla.mozilla.org/show_bug.cgi?id=1538008
    https://bugzilla.mozilla.org/show_bug.cgi?id=1538015
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11734
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1352875%2C1536227%2C1557208%2C1560641
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11735
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1561404%2C1561484%2C1568047%2C1561912%2C1565744%2C1568858%2C1570358
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11737
    https://bugzilla.mozilla.org/show_bug.cgi?id=1388015
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11738
    https://bugzilla.mozilla.org/show_bug.cgi?id=1452037
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
    https://bugzilla.mozilla.org/show_bug.cgi?id=1539595
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
    https://bugzilla.mozilla.org/show_bug.cgi?id=1559715
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
    https://bugzilla.mozilla.org/show_bug.cgi?id=1560495
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
    https://bugzilla.mozilla.org/show_bug.cgi?id=1562033
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
    https://bugzilla.mozilla.org/show_bug.cgi?id=1564449
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11747
    https://bugzilla.mozilla.org/show_bug.cgi?id=1564481
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11748
    https://bugzilla.mozilla.org/show_bug.cgi?id=1564588
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11749
    https://bugzilla.mozilla.org/show_bug.cgi?id=1565374
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11750
    https://bugzilla.mozilla.org/show_bug.cgi?id=1568397
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
    https://bugzilla.mozilla.org/show_bug.cgi?id=1501152
    https://security.archlinux.org/CVE-2019-5849
    https://security.archlinux.org/CVE-2019-9812
    https://security.archlinux.org/CVE-2019-11734
    https://security.archlinux.org/CVE-2019-11735
    https://security.archlinux.org/CVE-2019-11737
    https://security.archlinux.org/CVE-2019-11738
    https://security.archlinux.org/CVE-2019-11740
    https://security.archlinux.org/CVE-2019-11741
    https://security.archlinux.org/CVE-2019-11742
    https://security.archlinux.org/CVE-2019-11743
    https://security.archlinux.org/CVE-2019-11744
    https://security.archlinux.org/CVE-2019-11746
    https://security.archlinux.org/CVE-2019-11747
    https://security.archlinux.org/CVE-2019-11748
    https://security.archlinux.org/CVE-2019-11749
    https://security.archlinux.org/CVE-2019-11750
    https://security.archlinux.org/CVE-2019-11752
class="rgb_color_pallete">["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]</span><span id="chart_height" class="chart_height">350</span></div><div class="poll-action-buttons text-inline"><div class="alert alert-warning" style="display: none;"><i class="fa fa-exclamation-triangle"></i><span class="error-message"></span></div><button class="btn btn-default btn-view-result" ><i class="fa fa-bar-chart-o"></i> Result </button><button class="btn btn-default btn-vote-form" style="display: none"><i class="fa fa-th-list"></i> Vote Form </button><button class="btn btn-primary btn-vote" ><i class="fa fa-hand-o-up"></i> Vote </button></div><div class="rp-footer margin-top-20"></div><div style="display: none;"><span id="legend_position" class="legend_position">bottom</span><span id="chart_height" class="chart_height">200</span></div></div></div></div><div class="sp-module advisories_col"><h2 class="rspbld-title">Advisories</h2><div class="sp-module-content"><div class="recent-projects home-posts"><div class="projects-carousel touch-carousel111 "><div class="juct-articles11 "><div class="item-list row"><div class="item item-first col-sm-12"><div class="item-box clearfix"><div class="item-box-inner"><div class="image noimage"><a href="/advisories/fedora/fedora-29-jbig2dec-fedora-2019-55973f4ef8-22-21-18" target="_self" title="Fedora 29 Jbig2dec Fedora 2019 55973f4ef8 22 21 18"></a></div><div class="post-description"><div class="post-description-inner"><div class="article-title"><a href="/advisories/fedora/fedora-29-jbig2dec-fedora-2019-55973f4ef8-22-21-18" target="_self" title="Fedora 29: jbig2dec FEDORA-2019-55973f4ef8">Fedora 29: jbig2dec FEDORA-2019-55973f4ef8</a></div><div class="meta"><div class="date"><span class="meta-title">Date</span><span class="meta-value">15 Sep 2019 @ 18:21 </span></div></div></div></div></div></div></div><div class="item item-first 
col-sm-12"><div class="item-box clearfix"><div class="item-box-inner"><div class="image noimage"><a href="/advisories/fedora/fedora-30-thunderbird-fedora-2019-cffb7e7911-21-11-24" target="_self" title="Fedora 30 Thunderbird Fedora 2019 Cffb7e7911 21 11 24"></a></div><div class="post-description"><div class="post-description-inner"><div class="article-title"><a href="/advisories/fedora/fedora-30-thunderbird-fedora-2019-cffb7e7911-21-11-24" target="_self" title="Fedora 30: thunderbird FEDORA-2019-cffb7e7911">Fedora 30: thunderbird FEDORA-2019-cffb7e7911</a></div><div class="meta"><div class="date"><span class="meta-title">Date</span><span class="meta-value">15 Sep 2019 @ 17:11 </span></div></div></div></div></div></div></div><div class="item item-first col-sm-12"><div class="item-box clearfix"><div class="item-box-inner"><div class="image noimage"><a href="/advisories/fedora/fedora-30-jbig2dec-fedora-2019-686ecf43f4-21-10-59" target="_self" title="Fedora 30 Jbig2dec Fedora 2019 686ecf43f4 21 10 59"></a></div><div class="post-description"><div class="post-description-inner"><div class="article-title"><a href="/advisories/fedora/fedora-30-jbig2dec-fedora-2019-686ecf43f4-21-10-59" target="_self" title="Fedora 30: jbig2dec FEDORA-2019-686ecf43f4">Fedora 30: jbig2dec FEDORA-2019-686ecf43f4</a></div><div class="meta"><div class="date"><span class="meta-title">Date</span><span class="meta-value">15 Sep 2019 @ 17:10 </span></div></div></div></div></div></div></div><div class="item item-first col-sm-12"><div class="item-box clearfix"><div class="item-box-inner"><div class="image noimage"><a href="/advisories/fedora/fedora-31-openconnect-fedora-2019-6969467639-20-03-48" target="_self" title="Fedora 31 Openconnect Fedora 2019 6969467639 20 03 48"></a></div><div class="post-description"><div class="post-description-inner"><div class="article-title"><a href="/advisories/fedora/fedora-31-openconnect-fedora-2019-6969467639-20-03-48" target="_self" title="Fedora 31: openconnect 
FEDORA-2019-6969467639">Fedora 31: openconnect FEDORA-2019-6969467639</a></div><div class="meta"><div class="date"><span class="meta-title">Date</span><span class="meta-value">15 Sep 2019 @ 16:03 </span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></section><footer id="sp-footer" class="footer-wrap main-footer"><div class="container"><div class="row"><div id="sp-footer1" class="col-sm-5 col-md-5"><div class="sp-column footer-column footer-one"><div class="sp-module "><div class="sp-module-content"><div class="custom" ><p><span class="powered">Powered By</span></p><p><img class="speedcache-lazy speedcache-lazy-hidden img-responsive" style="float: left;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/x8AAwMCAO+ip1sAAAAASUVORK5CYII=" data-speedcachelazy-src="/images/footer-logo.png" alt="Guardian Digital offers threat-ready business email security gateway services accompanied by unparalleled customer support." width="304" height="112" /><noscript><img class="img-responsive" style="float: left;" src="/images/footer-logo.png" alt="Guardian Digital offers threat-ready business email security gateway services accompanied by unparalleled customer support." 
width="304" height="112" /></noscript></p></div></div></div></div></div><div id="sp-footer2" class="col-sm-2 col-md-2"><div class="sp-column footer-column footer-two"><div class="sp-module "><div class="sp-module-content"><div class="custom" ><ul><li><a href="http://dev.perfecent.com/linux-security/" title="Home">Home</a></li><li><a href="/index.php/about" title="About">About</a></li><li><a href="/index.php/forum" title="Community">Community</a></li><li><a href="/howtos" title="HOWTOs">HOWTOs</a></li><li><a href="/sitemap" title="Sitemap">Sitemap</a></li><li><a href="/features" title="Features">Features</a></li></ul></div></div></div></div></div><div id="sp-footer3" class="col-sm-2 col-md-2"><div class="sp-column footer-column footer-three"><div class="sp-module "><div class="sp-module-content"><div class="custom" ><ul><li><a href="/features/book-reviews" title="Book Reviews">Book Reviews</a></li><li><a href="/contact-us" title="Contact Us">Contact Us</a></li><li><a href="/news/security-projects" title="Security Projects">Security Projects</a></li><li><a href="/advisories" title="Latest News">Latest News</a></li><li><a href="/security-dictionary" title="Security Dictionary">Security Dictionary</a></li><li><a href="/news/selinux" title="SELinux">SELinux</a></li></ul></div></div></div></div></div><div id="sp-footer4" class="col-sm-3 col-md-3"><div class="sp-column footer-column footer-four"><div class="sp-module "><div class="sp-module-content"><div class="custom" ><ul><li><a href="/privacy" title="Privacy">Privacy</a></li><li><a href="/howtos/harden-my-filesystem" title="Hardening">Hardening</a></li><li><a href="/index.php/advertise" title="Advertise">Advertise</a></li><li><a href="/index.php/legal-notice" title="Legal Notice">Legal Notice</a></li><li><a href="/linuxsecurity-rss-feeds" title="RSS">RSS</a></li><li><a href="http://www.guardiandigital.com/" target="_blank" rel="noopener noreferrer" title="Guardian Digital">Guardian 
Digital</a></li></ul></div></div></div></div></div></div></div></footer><section id="sp-copyright" class="footer-copyright"><div class="container"><div class="row"><div id="sp-copyright" class="col-sm-12 col-md-12"><div class="sp-column copyright-text"><div class="sp-module "><div class="sp-module-content"><div class="custom" ><p>Copyright <span class="hd-date">2019</span> Guardian Digital, Inc. All rights reserved.</p><ul class="footer-nav"><li><a href="/privacy" title="Privacy Policy">Privacy Policy</a></li><li><a href="/terms-of-service" title="Terms &amp; Conditions">Terms & Conditions</a></li><li><a href="/cookies" title="Cookie Policy">Cookie Policy</a></li></ul></div></div></div></div></div></div></div></section></div></div><div class="offcanvas-menu"><a href="#" class="close-offcanvas" aria-label="Close" title=""><i class="fa fa-remove" aria-hidden="true"></i></a><div class="offcanvas-inner"><div class="sp-module "><div class="sp-module-content"><ul class="nav menu"><li class="item-107"><a href="/news" title="News"> News</a></li><li class="item-108 current active"><a href="/advisories" title="Advisories"> Advisories</a></li><li class="item-109"><a href="/howtos" title="HOWTOs"> HOWTOs</a></li><li class="item-110"><a href="/features" title="Features"> Features</a></li><li class="item-111"><a href="/forums" title="Forums"> Forums</a></li><li class="item-112"><a href="/newsletters" title="Newsletters"> Newsletters</a></li><li class="item-113"><a href="/polls" title="Polls"> Polls</a></li><li class="item-114"><a href="/about" title="About"> About</a></li></ul></div></div></div></div><div class="cadre_alert_cookies" id="cadre_alert_cookies" style="opacity:1;text-align:center;position:fixed;z-index:10000;left: 0;right: 0;bottom: 0; margin:0px;"><div class="cadre_inner_alert_cookies" style="display: inline-block;width: 100%;margin:auto;max-width:100%;background-color: #ffffff;border: 0px solid #eeeeee;"><div class="cadre_inner_texte_alert_cookies" style="display: 
inline-block;padding:10px;color: #666666"><div class="cadre_texte "><p>We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. </p></div><div class="cadre_bouton "><div class=" col-md-6 col-sm-6 btn_close" style="margin:0;text-align:center"><button onclick="CloseCadreAlertCookie();" style="color:#eeeeee" class="btn btn-warning popup-modal-dismiss">Accept</button></div><div class=" col-md-6 col-sm-6 btn_readmore" style="margin:0;text-align:center"><a style="color:#eeeeee" class="btn btn-inverse read_more" href="/cookies">Learn More</a></div></div></div></div></div><script type="text/javascript">var name="fmalertcookies"+"=";var ca=document.cookie.split(";");var acceptCookie=false;for(var i=0;i<ca.length;i++){var c=ca[i];while(c.charAt(0)==" ")c=c.substring(1);if(c.indexOf(name)==0){acceptCookie=true;document.getElementById("cadre_alert_cookies").style.display="none";}}var d=new Date();d.setTime(d.getTime()+(30*(24*60*60*1000)));var expires_cookie="expires="+d.toUTCString();function CloseCadreAlertCookie(){document.getElementById('cadre_alert_cookies').style.display='none';document.cookie='fmalertcookies=true; '+expires_cookie+'; path=/';}</script><div id="jfbcLoginModal" class="sourcecoast modal" style="display:none"><div class="modal-body">You are now being logged in using your Facebook credentials</div></div></body></html>