Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.1 Security Update: MozillaFirefox Important Fix

opensuse
Calendar Grey January 9, 2020
Dist Opensuse Esm H88
Essential security patch for openSUSE MozillaFirefox resolves various vulnerabilities and improves overall safety.
An update that fixes 8 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)

Security issues fixed:

- CVE-2019-17008: Fixed a use-after-free in worker destruction

(bmo#1546331)

- CVE-2019-13722: Fixed a stack corruption due to incorrect number of

arguments in WebRTC code (bmo#1580156)

- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with

a block cipher (bmo#1586176)

- CVE-2019-17009: Fixed an issue where updater temporary files accessible

to unprivileged processes (bmo#1510494)

- CVE-2019-17010: Fixed a use-after-free when performing device

orientation checks (bmo#1581084)

- CVE-2019-17005: Fixed a buffer overflow in plain text serializer

(bmo#1584170)

- CVE-2019-17011: Fixed a use-after-free when retrieving a document in

antitracking (bmo#1591334)

- CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957,

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow important update openSUSE use-after-free stack corruption MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2=1

Package List

- openSUSE Leap 15.1 (x86_64):

MozillaFirefox-68.3.0-lp151.2.21.1

MozillaFirefox-branding-upstream-68.3.0-lp151.2.21.1

MozillaFirefox-buildsymbols-68.3.0-lp151.2.21.1

MozillaFirefox-debuginfo-68.3.0-lp151.2.21.1

MozillaFirefox-debugsource-68.3.0-lp151.2.21.1

MozillaFirefox-devel-68.3.0-lp151.2.21.1

MozillaFirefox-translations-common-68.3.0-lp151.2.21.1

MozillaFirefox-translations-other-68.3.0-lp151.2.21.1

References

https://www.suse.com/security/cve/CVE-2019-11745.html

https://www.suse.com/security/cve/CVE-2019-13722.html

https://www.suse.com/security/cve/CVE-2019-17005.html

https://www.suse.com/security/cve/CVE-2019-17008.html

https://www.suse.com/security/cve/CVE-2019-17009.html

https://www.suse.com/security/cve/CVE-2019-17010.html

https://www.suse.com/security/cve/CVE-2019-17011.html

https://www.suse.com/security/cve/CVE-2019-17012.html

https://bugzilla.suse.com/1157652

https://bugzilla.suse.com/1158328

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:0002-1
Rating: important
Affected Products: openSUSE Leap 15.1

Topics%20covered

Topics Covered

security advisory buffer overflow important update openSUSE use-after-free stack corruption MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here