SciLinux: SLSA-2019-1763-1 Critical: firefox on SL7.x x86_64

    Date: 11 Jul 2019
    Posted By: LinuxSecurity Advisories
    Synopsis: Critical: firefox security update
    Advisory ID:       SLSA-2019:1763-1
    Issue Date:        2019-07-11
    CVE Numbers:       CVE-2019-11709
                       CVE-2019-11711
                       CVE-2019-11712
                       CVE-2019-11713
                       CVE-2019-11715
                       CVE-2019-11717
                       CVE-2019-11730
                       CVE-2019-9811
    --
    
    This update upgrades Firefox to version 60.8.0 ESR.
    
    Security Fix(es):
    
    * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
    (CVE-2019-11709)
    
    * Mozilla: Sandbox escape via installation of malicious language pack
    (CVE-2019-9811)
    
    * Mozilla: Script injection within domain through inner window reuse
    (CVE-2019-11711)
    
    * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects (CVE-2019-11712)
    
    * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
    
    * Mozilla: HTML parsing error can contribute to content XSS
    (CVE-2019-11715)
    
    * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)
    
    * Mozilla: Same-origin policy treats all files in a directory as having
    the same-origin (CVE-2019-11730)
    --
    
    SL7
      x86_64
        firefox-60.8.0-1.el7_6.x86_64.rpm
        firefox-debuginfo-60.8.0-1.el7_6.x86_64.rpm
        firefox-60.8.0-1.el7_6.i686.rpm
        firefox-debuginfo-60.8.0-1.el7_6.i686.rpm
    
    - Scientific Linux Development Team
    