Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

openSUSE 15.0 SUSE-SU-2019:1077-1 Important: MozillaFirefox Update

opensuse
Calendar Grey March 29, 2019
Dist Opensuse Esm H88
Critical openSUSE Security Patch for Chrome addressing 9 major vulnerabilities with essential corrections.
An update that fixes 11 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

Mozilla Firefox was updated to 60.6.1esr / MFSA 2019-10 (bsc#1130262)

* CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information

* CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations

Mozilla Firefox was updated to 60.6.0esr / MFSA 2019-08 (boo#1129821)

* CVE-2019-9790: Use-after-free when removing in-use DOM elements

* CVE-2019-9791: Type inference is incorrect for constructors entered

through on-stack replacement with IonMonkey

* CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

* CVE-2019-9793: Improper bounds checks when Spectre mitigations are

disabled

* CVE-2019-9794: Command line arguments not discarded during execution

* CVE-2019-9795: Type-confusion in IonMonkey JIT compiler

* CVE-2019-9796: Use-after-free with SMIL animation controller

* CVE-2018-18506: Proxy Auto-Configuration file can define localhost

access to...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical important memory safety browser update openSUSE MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1077=1

Package List

- openSUSE Leap 15.0 (x86_64):

MozillaFirefox-60.6.1-lp150.3.45.1

MozillaFirefox-branding-upstream-60.6.1-lp150.3.45.1

MozillaFirefox-buildsymbols-60.6.1-lp150.3.45.1

MozillaFirefox-debuginfo-60.6.1-lp150.3.45.1

MozillaFirefox-debugsource-60.6.1-lp150.3.45.1

MozillaFirefox-devel-60.6.1-lp150.3.45.1

MozillaFirefox-translations-common-60.6.1-lp150.3.45.1

MozillaFirefox-translations-other-60.6.1-lp150.3.45.1

References

https://www.suse.com/security/cve/CVE-2018-18506.html

https://www.suse.com/security/cve/CVE-2019-9788.html

https://www.suse.com/security/cve/CVE-2019-9790.html

https://www.suse.com/security/cve/CVE-2019-9791.html

https://www.suse.com/security/cve/CVE-2019-9792.html

https://www.suse.com/security/cve/CVE-2019-9793.html

https://www.suse.com/security/cve/CVE-2019-9794.html

https://www.suse.com/security/cve/CVE-2019-9795.html

https://www.suse.com/security/cve/CVE-2019-9796.html

https://www.suse.com/security/cve/CVE-2019-9810.html

https://www.suse.com/security/cve/CVE-2019-9813.html

https://bugzilla.suse.com/1129821

https://bugzilla.suse.com/1130262

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1077-1
Rating: important
Affected Products: openSUSE Leap 15.0

Topics%20covered

Topics Covered

security advisory critical important memory safety browser update openSUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here