
Mageia 6 Firefox Security Update 2019-0211 Moderate: Multiple Threats

mageia
July 21, 2019
Mageia 2019-0212 enhances the security of Chrome by addressing serious vulnerabilities, ensuring users have better protection against potential exploits.

Summary

Sandbox escape via installation of malicious language pack. (CVE-2019-9811)
Script injection within domain through inner window reuse. (CVE-2019-11711)
Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712)
Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault. (CVE-2019-11729)
HTML parsing error can contribute to content XSS. (CVE-2019-11715)
Caret character improperly escaped in origins. (CVE-2019-11717)
Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)
Same-origin policy treats all files in a directory as having the same-origin. (CVE-2019-11730)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8. (CVE-2019-11709)

References

- https://bugs.mageia.org/show_bug.cgi?id=25102

- https://www.firefox.com/en-US/firefox/60.8.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/

- https://www.cve.org/CVERecord?id=CVE-2019-9811

- https://www.cve.org/CVERecord?id=CVE-2019-11711

- https://www.cve.org/CVERecord?id=CVE-2019-11712

- https://www.cve.org/CVERecord?id=CVE-2019-11713

- https://www.cve.org/CVERecord?id=CVE-2019-11729

- https://www.cve.org/CVERecord?id=CVE-2019-11715

- https://www.cve.org/CVERecord?id=CVE-2019-11717

- https://www.cve.org/CVERecord?id=CVE-2019-11719

- https://www.cve.org/CVERecord?id=CVE-2019-11730

- https://www.cve.org/CVERecord?id=CVE-2019-11709

Resolution

SRPMS

- 6/core/firefox-60.8.0-1.mga6

- 6/core/firefox-l10n-60.8.0-1.mga6

- 6/core/nss-3.36.8-1.1.mga6

- 6/core/rootcerts-20190604.00-1.mga6

Severity
important

Publication date: 21 Jul 2019
URL: https://advisories.mageia.org/MGASA-2019-0211.html
Type: security
CVE: CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11730, CVE-2019-11709
