
openSUSE: 2019:1534-1 Important: MozillaFirefox Buffer Overflow Fix

June 10, 2019
An update that fixes 17 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):

* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11691: Use-after-free in XMLHttpRequest
* CVE-2019-11692: Use-after-free removing listeners in the event listener manager
* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-5798: Out-of-bounds read in Skia
* CVE-2019-7317: Use-after-free in png_image_free of libpng library
* CVE-2019-9797: Cross-origin theft of images with createImageBitmap
* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on ...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2019-1534=1

- openSUSE Leap 15.0:

      zypper in -t patch openSUSE-2019-1534=1

Package List

- openSUSE Leap 42.3 (x86_64):

      MozillaFirefox-60.7.0-145.2
      MozillaFirefox-branding-upstream-60.7.0-145.2
      MozillaFirefox-buildsymbols-60.7.0-145.2
      MozillaFirefox-debuginfo-60.7.0-145.2
      MozillaFirefox-debugsource-60.7.0-145.2
      MozillaFirefox-devel-60.7.0-145.2
      MozillaFirefox-translations-common-60.7.0-145.2
      MozillaFirefox-translations-other-60.7.0-145.2

- openSUSE Leap 15.0 (x86_64):

      MozillaFirefox-60.7.0-lp150.3.54.5
      MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5
      MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5
      MozillaFirefox-debuginfo-60.7.0-lp150.3.54.5
      MozillaFirefox-debugsource-60.7.0-lp150.3.54.5
      MozillaFirefox-devel-60.7.0-lp150.3.54.5
      MozillaFirefox-translations-common-60.7.0-lp150.3.54.5
      MozillaFirefox-translations-other-60.7.0-lp150.3.54.5
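
A way to confirm the fix after patching, as an added example that is not part of the openSUSE advisory: the script compares an installed MozillaFirefox version-release against the fixed builds in the package list above. The function names, the `--live` switch, the use of GNU `sort -V` as a stand-in for RPM version ordering, the reliance on `VERSION_ID` from `/etc/os-release`, and the sample version in the comment are assumptions.

```sh
#!/bin/sh
# Added example: verify MozillaFirefox against openSUSE-SU-2019:1534-1.

# Fixed version-release per Leap release, copied from the package list.
fixed_evr() {
  case "$1" in
    42.3) echo "60.7.0-145.2" ;;
    15.0) echo "60.7.0-lp150.3.54.5" ;;
    *)    return 1 ;;   # product not covered by this advisory
  esac
}

# Succeeds when installed ($1) >= fixed ($2). GNU `sort -V` is used as an
# approximation of RPM ordering (assumption; no epochs or tildes occur here).
is_patched() {
  ip_lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
  [ "$ip_lowest" = "$2" ]
}

# Prints patched / vulnerable / unknown; exit status 0 / 1 / 2.
# $1 = Leap release (42.3 or 15.0), $2 = installed version-release.
check_firefox() {
  cf_fixed=$(fixed_evr "$1") || { echo "unknown"; return 2; }
  if is_patched "$2" "$cf_fixed"; then
    echo "patched"
  else
    echo "vulnerable"
    return 1
  fi
}

# Live check on the local host: reads VERSION_ID from /etc/os-release
# (assumed to be 42.3 or 15.0) and queries the RPM database.
check_local_host() {
  . /etc/os-release
  cl_installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' MozillaFirefox) || return 3
  check_firefox "$VERSION_ID" "$cl_installed"
}

# Constructed sample: check_firefox 15.0 60.7.0-lp150.3.51.1 -> vulnerable
if [ "${1:-}" = "--live" ]; then
  check_local_host
fi
```

Run with `--live` on a Leap host; a running Firefox process keeps the old code mapped until it is restarted, so restart the browser after the update.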

References

https://www.suse.com/security/cve/CVE-2018-18511.html
https://www.suse.com/security/cve/CVE-2019-11691.html
https://www.suse.com/security/cve/CVE-2019-11692.html
https://www.suse.com/security/cve/CVE-2019-11693.html
https://www.suse.com/security/cve/CVE-2019-11694.html
https://www.suse.com/security/cve/CVE-2019-11698.html
https://www.suse.com/security/cve/CVE-2019-5798.html
https://www.suse.com/security/cve/CVE-2019-7317.html
https://www.suse.com/security/cve/CVE-2019-9797.html
https://www.suse.com/security/cve/CVE-2019-9800.html
https://www.suse.com/security/cve/CVE-2019-9815.html
https://www.suse.com/security/cve/CVE-2019-9816.html
https://www.suse.com/security/cve/CVE-2019-9817.html
https://www.suse.com/security/cve/CVE-2019-9818.html
https://www.suse.com/security/cve/CVE-2019-9819.html
https://www.suse.com/security/cve/CVE-2019-9820.html
https://www.suse.com/security/cve/CVE-2019-9821.html
https://bugzilla.suse.com/1135824

Severity: important

Announcement ID: openSUSE-SU-2019:1534-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0
