openSUSE: 2019:2459-1 Important: MozillaFirefox Heap And Buffer Overflow

opensuse
November 9, 2019
A new patch for MozillaFirefox in openSUSE resolves critical vulnerabilities, enhancing both security measures and overall performance.
An update that fixes 9 vulnerabilities is now available.

Description

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:

Changes in MozillaFirefox:

Security issues fixed:

- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
- CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
- CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
- CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
- CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
- CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
- CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
- CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
- CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).

Non-security issues fixed:

- Added Provides-line...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2459=1

Package List

- openSUSE Leap 15.0 (x86_64):

MozillaFirefox-68.2.0-lp150.3.71.1

MozillaFirefox-branding-openSUSE-68-lp150.3.3.1

MozillaFirefox-branding-upstream-68.2.0-lp150.3.71.1

MozillaFirefox-buildsymbols-68.2.0-lp150.3.71.1

MozillaFirefox-debuginfo-68.2.0-lp150.3.71.1

MozillaFirefox-debugsource-68.2.0-lp150.3.71.1

MozillaFirefox-devel-68.2.0-lp150.3.71.1

MozillaFirefox-translations-common-68.2.0-lp150.3.71.1

MozillaFirefox-translations-other-68.2.0-lp150.3.71.1

firefox-esr-branding-openSUSE-68-lp150.3.3.1

References

https://www.suse.com/security/cve/CVE-2019-11757.html

https://www.suse.com/security/cve/CVE-2019-11758.html

https://www.suse.com/security/cve/CVE-2019-11759.html

https://www.suse.com/security/cve/CVE-2019-11760.html

https://www.suse.com/security/cve/CVE-2019-11761.html

https://www.suse.com/security/cve/CVE-2019-11762.html

https://www.suse.com/security/cve/CVE-2019-11763.html

https://www.suse.com/security/cve/CVE-2019-11764.html

https://www.suse.com/security/cve/CVE-2019-15903.html

https://bugzilla.suse.com/1104841

https://bugzilla.suse.com/1129528

https://bugzilla.suse.com/1137990

https://bugzilla.suse.com/1149429

https://bugzilla.suse.com/1151186

https://bugzilla.suse.com/1153423

https://bugzilla.suse.com/1153869

https://bugzilla.suse.com/1154738

--

Announcement ID: openSUSE-SU-2019:2459-1
Rating: important
Affected Products: openSUSE Leap 15.0
