Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 7 Security Advisory: MGASA-2019-0315 Critical Firefox Issues

mageia
Calendar Grey November 7, 2019
Dist Mageia Esm H88
Recent updates to the Firefox browser address multiple security flaws, including critical use-after-free and buffer overflow vulnerabilities.
The updated packages fix several bugs and some security issues: Use-after-free when creating index updates in IndexedDB

Summary

The updated packages fix several bugs and some security issues:
Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757)
Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758)
Stack buffer overflow in HKDF output. (CVE-2019-11759)
Stack buffer overflow in WebRTC networking. (CVE-2019-11760)
Unintended access to a privileged JSONView object. (CVE-2019-11761)
document.domain-based origin isolation has same-origin-property violation. (CVE-2019-11762)
Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2. (CVE-2019-11764)
Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903)

References

- https://bugs.mageia.org/show_bug.cgi?id=25595

- https://www.firefox.com/en-US/firefox/68.2.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/

- - https://access.redhat.com/errata/RHSA-2019:3193

- https://www.cve.org/CVERecord?id=CVE-2019-11757

- https://www.cve.org/CVERecord?id=CVE-2019-11758

- https://www.cve.org/CVERecord?id=CVE-2019-11759

- https://www.cve.org/CVERecord?id=CVE-2019-11760

- https://www.cve.org/CVERecord?id=CVE-2019-11761

- https://www.cve.org/CVERecord?id=CVE-2019-11762

- https://www.cve.org/CVERecord?id=CVE-2019-11763

- https://www.cve.org/CVERecord?id=CVE-2019-11764

- https://www.cve.org/CVERecord?id=CVE-2019-15903

Topics%20covered

Topics Covered

security advisory update buffer overflow firefox memory safety use-after-free mageia

Resolution

SRPMS

- 7/core/firefox-68.2.0-1.mga7

- 7/core/firefox-l10n-68.2.0-1.mga7

- 7/core/nspr-4.23-1.mga7

- 7/core/nss-3.47.0-1.mga7

- 7/core/rootcerts-20191011.00-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 07 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0315.html
Type: security
CVE: CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Topics%20covered

Topics Covered

security advisory update buffer overflow firefox memory safety use-after-free mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here