SciLinux: SLSA-2019-1765-1 Critical: firefox on SL6.x i386/x86_64

    Date: 11 Jul 2019
    Posted By: LinuxSecurity Advisories
    Synopsis: Critical: firefox security update
    Advisory ID:       SLSA-2019:1765-1
    Issue Date:        2019-07-11
    CVE Numbers:       CVE-2019-11709
                       CVE-2019-11711
                       CVE-2019-11712
                       CVE-2019-11713
                       CVE-2019-11715
                       CVE-2019-11717
                       CVE-2019-11730
                       CVE-2019-9811
    --
    
    This update upgrades Firefox to version 60.8.0 ESR.
    
    Security Fix(es):
    
    * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
    (CVE-2019-11709)
    
    * Mozilla: Sandbox escape via installation of malicious language pack
    (CVE-2019-9811)
    
    * Mozilla: Script injection within domain through inner window reuse
    (CVE-2019-11711)
    
    * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects (CVE-2019-11712)
    
    * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
    
    * Mozilla: HTML parsing error can contribute to content XSS
    (CVE-2019-11715)
    
    * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)
    
    * Mozilla: Same-origin policy treats all files in a directory as having
    the same-origin (CVE-2019-11730)
    --
    
    SL6
      x86_64
        firefox-60.8.0-1.el6_10.x86_64.rpm
        firefox-debuginfo-60.8.0-1.el6_10.x86_64.rpm
        firefox-60.8.0-1.el6_10.i686.rpm
        firefox-debuginfo-60.8.0-1.el6_10.i686.rpm
      i386
        firefox-60.8.0-1.el6_10.i686.rpm
        firefox-debuginfo-60.8.0-1.el6_10.i686.rpm
    
    - Scientific Linux Development Team
    