SUSE: 2019:14246-1 important: Mozilla Firefox

    Date11 Dec 2019
    CategorySuSE
    1112
    Posted ByLinuxSecurity Advisories
    An update that fixes 118 vulnerabilities is now available.
    
       SUSE Security Update: Security update for Mozilla Firefox
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:14246-1
    Rating:             important
    References:         #1000036 #1001652 #1025108 #1029377 #1029902 
                        #1040164 #104105 #1042670 #1043008 #1044946 
                        #1047925 #1047936 #1048299 #1049186 #1050653 
                        #1056058 #1058013 #1066242 #1066953 #1070738 
                        #1070853 #1072320 #1072322 #1073796 #1073798 
                        #1073799 #1073803 #1073808 #1073818 #1073823 
                        #1073829 #1073830 #1073832 #1073846 #1074235 
                        #1077230 #1079761 #1081750 #1082318 #1087453 
                        #1087459 #1087463 #1088573 #1091764 #1094814 
                        #1097158 #1097375 #1097401 #1097404 #1097748 
                        #1104841 #1105019 #1107030 #1109465 #1117473 
                        #1117626 #1117627 #1117629 #1117630 #1120644 
                        #1122191 #1123482 #1124525 #1127532 #1129346 
                        #1130694 #1130840 #1133452 #1133810 #1134209 
                        #1138459 #1140290 #1140868 #1141853 #1144919 
                        #1145665 #1146090 #1146091 #1146093 #1146094 
                        #1146095 #1146097 #1146099 #1146100 #1149323 
                        #1153423 #1154738 #1447070 #1447409 #744625 
                        #744629 #845955 #865853 #905528 #917607 #935856 
                        #937414 #947747 #948045 #948602 #955142 #957814 
                        #957815 #961254 #962297 #966076 #966077 #985201 
                        #986541 #991344 #998743 
    Cross-References:   CVE-2013-2882 CVE-2013-6639 CVE-2013-6640
                        CVE-2013-6668 CVE-2014-0224 CVE-2015-3193
                        CVE-2015-3194 CVE-2015-5380 CVE-2015-7384
                        CVE-2016-2086 CVE-2016-2178 CVE-2016-2183
                        CVE-2016-2216 CVE-2016-5172 CVE-2016-5325
                        CVE-2016-6304 CVE-2016-6306 CVE-2016-7052
                        CVE-2016-7099 CVE-2017-1000381 CVE-2017-10686
                        CVE-2017-11111 CVE-2017-11499 CVE-2017-14228
                        CVE-2017-14849 CVE-2017-14919 CVE-2017-15896
                        CVE-2017-15897 CVE-2017-17810 CVE-2017-17811
                        CVE-2017-17812 CVE-2017-17813 CVE-2017-17814
                        CVE-2017-17815 CVE-2017-17816 CVE-2017-17817
                        CVE-2017-17818 CVE-2017-17819 CVE-2017-17820
                        CVE-2017-18207 CVE-2017-3735 CVE-2017-3736
                        CVE-2017-3738 CVE-2018-0732 CVE-2018-1000168
                        CVE-2018-12115 CVE-2018-12116 CVE-2018-12121
                        CVE-2018-12122 CVE-2018-12123 CVE-2018-20406
                        CVE-2018-20852 CVE-2018-7158 CVE-2018-7159
                        CVE-2018-7160 CVE-2018-7161 CVE-2018-7167
                        CVE-2019-10160 CVE-2019-11709 CVE-2019-11710
                        CVE-2019-11711 CVE-2019-11712 CVE-2019-11713
                        CVE-2019-11714 CVE-2019-11715 CVE-2019-11716
                        CVE-2019-11717 CVE-2019-11718 CVE-2019-11719
                        CVE-2019-11720 CVE-2019-11721 CVE-2019-11723
                        CVE-2019-11724 CVE-2019-11725 CVE-2019-11727
                        CVE-2019-11728 CVE-2019-11729 CVE-2019-11730
                        CVE-2019-11733 CVE-2019-11735 CVE-2019-11736
                        CVE-2019-11738 CVE-2019-11740 CVE-2019-11742
                        CVE-2019-11743 CVE-2019-11744 CVE-2019-11746
                        CVE-2019-11747 CVE-2019-11748 CVE-2019-11749
                        CVE-2019-11750 CVE-2019-11751 CVE-2019-11752
                        CVE-2019-11753 CVE-2019-11757 CVE-2019-11758
                        CVE-2019-11759 CVE-2019-11760 CVE-2019-11761
                        CVE-2019-11762 CVE-2019-11763 CVE-2019-11764
                        CVE-2019-13173 CVE-2019-15903 CVE-2019-5010
                        CVE-2019-5737 CVE-2019-9511 CVE-2019-9512
                        CVE-2019-9513 CVE-2019-9514 CVE-2019-9515
                        CVE-2019-9516 CVE-2019-9517 CVE-2019-9518
                        CVE-2019-9636 CVE-2019-9811 CVE-2019-9812
                        CVE-2019-9947
    Affected Products:
                        SUSE Linux Enterprise Server 11-SP4-LTSS
    ______________________________________________________________________________
    
       An update that fixes 118 vulnerabilities is now available.
    
    Description:
    
    
       This update contains the Mozilla Firefox ESR 68.2 release.
    
       Mozilla Firefox was updated to ESR 68.2 release:
    
       * Enterprise: New administrative policies were added. More information and
         templates are available at the Policy Templates page.
    
       * Various security fixes: MFSA 2019-33 (bsc#1154738)
         * CVE-2019-15903: Heap overflow in expat library in
           XML_GetCurrentLineNumber
         * CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
         * CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
         * CVE-2019-11759: Stack buffer overflow in HKDF output
         * CVE-2019-11760: Stack buffer overflow in WebRTC networking
         * CVE-2019-11761: Unintended access to a privileged JSONView object
         * CVE-2019-11762: document.domain-based origin isolation has
           same-origin- property violation
         * CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
         * CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR
           68.2
    
       Other Issues resolved:
    
       * [bsc#1104841] Newer versions of firefox have a dependency on
         GLIBCXX_3.4.20
       * [bsc#1074235] MozillaFirefox: background tab crash reports sent
         inadvertently without user opt-in
       * [bsc#1043008] Firefox hangs randomly when browsing and scrolling
       * [bsc#1025108] Firefox stops loading page until mouse is moved
       * [bsc#905528]  Firefox malfunctions due to broken omni.ja archives
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Server 11-SP4-LTSS:
    
          zypper in -t patch slessp4-firefox-201910-14246=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
    
          MozillaFirefox-68.2.0-78.51.4
          MozillaFirefox-branding-SLED-68-21.9.8
          MozillaFirefox-translations-common-68.2.0-78.51.4
          MozillaFirefox-translations-other-68.2.0-78.51.4
          firefox-atk-lang-2.26.1-2.8.4
          firefox-gdk-pixbuf-lang-2.36.11-2.8.4
          firefox-gdk-pixbuf-query-loaders-2.36.11-2.8.4
          firefox-gdk-pixbuf-thumbnailer-2.36.11-2.8.4
          firefox-gio-branding-upstream-2.54.3-2.14.7
          firefox-glib2-lang-2.54.3-2.14.7
          firefox-glib2-tools-2.54.3-2.14.7
          firefox-gtk3-branding-upstream-3.10.9-2.15.3
          firefox-gtk3-data-3.10.9-2.15.3
          firefox-gtk3-immodule-amharic-3.10.9-2.15.3
          firefox-gtk3-immodule-inuktitut-3.10.9-2.15.3
          firefox-gtk3-immodule-multipress-3.10.9-2.15.3
          firefox-gtk3-immodule-thai-3.10.9-2.15.3
          firefox-gtk3-immodule-vietnamese-3.10.9-2.15.3
          firefox-gtk3-immodule-xim-3.10.9-2.15.3
          firefox-gtk3-immodules-tigrigna-3.10.9-2.15.3
          firefox-gtk3-lang-3.10.9-2.15.3
          firefox-gtk3-tools-3.10.9-2.15.3
          firefox-libatk-1_0-0-2.26.1-2.8.4
          firefox-libcairo-gobject2-1.15.10-2.13.4
          firefox-libcairo2-1.15.10-2.13.4
          firefox-libffi4-5.3.1+r233831-14.1
          firefox-libffi7-3.2.1.git259-2.3.3
          firefox-libgcc_s1-5.3.1+r233831-14.1
          firefox-libgcc_s1-gcc8-8.2.1+r264010-2.5.1
          firefox-libgdk_pixbuf-2_0-0-2.36.11-2.8.4
          firefox-libgtk-3-0-3.10.9-2.15.3
          firefox-libharfbuzz0-1.7.5-2.7.4
          firefox-libpango-1_0-0-1.40.14-2.7.4
          firefox-libstdc++6-5.3.1+r233831-14.1
          firefox-libstdc++6-gcc8-8.2.1+r264010-2.5.1
          libfirefox-gio-2_0-0-2.54.3-2.14.7
          libfirefox-glib-2_0-0-2.54.3-2.14.7
          libfirefox-gmodule-2_0-0-2.54.3-2.14.7
          libfirefox-gobject-2_0-0-2.54.3-2.14.7
          libfirefox-gthread-2_0-0-2.54.3-2.14.7
          libfreebl3-3.45-38.9.3
          libfreebl3-32bit-3.45-38.9.3
          libsoftokn3-3.45-38.9.3
          libsoftokn3-32bit-3.45-38.9.3
          mozilla-nspr-32bit-4.21-29.6.1
          mozilla-nspr-4.21-29.6.1
          mozilla-nspr-devel-4.21-29.6.1
          mozilla-nss-3.45-38.9.3
          mozilla-nss-32bit-3.45-38.9.3
          mozilla-nss-certs-3.45-38.9.3
          mozilla-nss-certs-32bit-3.45-38.9.3
          mozilla-nss-devel-3.45-38.9.3
          mozilla-nss-tools-3.45-38.9.3
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2013-2882.html
       https://www.suse.com/security/cve/CVE-2013-6639.html
       https://www.suse.com/security/cve/CVE-2013-6640.html
       https://www.suse.com/security/cve/CVE-2013-6668.html
       https://www.suse.com/security/cve/CVE-2014-0224.html
       https://www.suse.com/security/cve/CVE-2015-3193.html
       https://www.suse.com/security/cve/CVE-2015-3194.html
       https://www.suse.com/security/cve/CVE-2015-5380.html
       https://www.suse.com/security/cve/CVE-2015-7384.html
       https://www.suse.com/security/cve/CVE-2016-2086.html
       https://www.suse.com/security/cve/CVE-2016-2178.html
       https://www.suse.com/security/cve/CVE-2016-2183.html
       https://www.suse.com/security/cve/CVE-2016-2216.html
       https://www.suse.com/security/cve/CVE-2016-5172.html
       https://www.suse.com/security/cve/CVE-2016-5325.html
       https://www.suse.com/security/cve/CVE-2016-6304.html
       https://www.suse.com/security/cve/CVE-2016-6306.html
       https://www.suse.com/security/cve/CVE-2016-7052.html
       https://www.suse.com/security/cve/CVE-2016-7099.html
       https://www.suse.com/security/cve/CVE-2017-1000381.html
       https://www.suse.com/security/cve/CVE-2017-10686.html
       https://www.suse.com/security/cve/CVE-2017-11111.html
       https://www.suse.com/security/cve/CVE-2017-11499.html
       https://www.suse.com/security/cve/CVE-2017-14228.html
       https://www.suse.com/security/cve/CVE-2017-14849.html
       https://www.suse.com/security/cve/CVE-2017-14919.html
       https://www.suse.com/security/cve/CVE-2017-15896.html
       https://www.suse.com/security/cve/CVE-2017-15897.html
       https://www.suse.com/security/cve/CVE-2017-17810.html
       https://www.suse.com/security/cve/CVE-2017-17811.html
       https://www.suse.com/security/cve/CVE-2017-17812.html
       https://www.suse.com/security/cve/CVE-2017-17813.html
       https://www.suse.com/security/cve/CVE-2017-17814.html
       https://www.suse.com/security/cve/CVE-2017-17815.html
       https://www.suse.com/security/cve/CVE-2017-17816.html
       https://www.suse.com/security/cve/CVE-2017-17817.html
       https://www.suse.com/security/cve/CVE-2017-17818.html
       https://www.suse.com/security/cve/CVE-2017-17819.html
       https://www.suse.com/security/cve/CVE-2017-17820.html
       https://www.suse.com/security/cve/CVE-2017-18207.html
       https://www.suse.com/security/cve/CVE-2017-3735.html
       https://www.suse.com/security/cve/CVE-2017-3736.html
       https://www.suse.com/security/cve/CVE-2017-3738.html
       https://www.suse.com/security/cve/CVE-2018-0732.html
       https://www.suse.com/security/cve/CVE-2018-1000168.html
       https://www.suse.com/security/cve/CVE-2018-12115.html
       https://www.suse.com/security/cve/CVE-2018-12116.html
       https://www.suse.com/security/cve/CVE-2018-12121.html
       https://www.suse.com/security/cve/CVE-2018-12122.html
       https://www.suse.com/security/cve/CVE-2018-12123.html
       https://www.suse.com/security/cve/CVE-2018-20406.html
       https://www.suse.com/security/cve/CVE-2018-20852.html
       https://www.suse.com/security/cve/CVE-2018-7158.html
       https://www.suse.com/security/cve/CVE-2018-7159.html
       https://www.suse.com/security/cve/CVE-2018-7160.html
       https://www.suse.com/security/cve/CVE-2018-7161.html
       https://www.suse.com/security/cve/CVE-2018-7167.html
       https://www.suse.com/security/cve/CVE-2019-10160.html
       https://www.suse.com/security/cve/CVE-2019-11709.html
       https://www.suse.com/security/cve/CVE-2019-11710.html
       https://www.suse.com/security/cve/CVE-2019-11711.html
       https://www.suse.com/security/cve/CVE-2019-11712.html
       https://www.suse.com/security/cve/CVE-2019-11713.html
       https://www.suse.com/security/cve/CVE-2019-11714.html
       https://www.suse.com/security/cve/CVE-2019-11715.html
       https://www.suse.com/security/cve/CVE-2019-11716.html
       https://www.suse.com/security/cve/CVE-2019-11717.html
       https://www.suse.com/security/cve/CVE-2019-11718.html
       https://www.suse.com/security/cve/CVE-2019-11719.html
       https://www.suse.com/security/cve/CVE-2019-11720.html
       https://www.suse.com/security/cve/CVE-2019-11721.html
       https://www.suse.com/security/cve/CVE-2019-11723.html
       https://www.suse.com/security/cve/CVE-2019-11724.html
       https://www.suse.com/security/cve/CVE-2019-11725.html
       https://www.suse.com/security/cve/CVE-2019-11727.html
       https://www.suse.com/security/cve/CVE-2019-11728.html
       https://www.suse.com/security/cve/CVE-2019-11729.html
       https://www.suse.com/security/cve/CVE-2019-11730.html
       https://www.suse.com/security/cve/CVE-2019-11733.html
       https://www.suse.com/security/cve/CVE-2019-11735.html
       https://www.suse.com/security/cve/CVE-2019-11736.html
       https://www.suse.com/security/cve/CVE-2019-11738.html
       https://www.suse.com/security/cve/CVE-2019-11740.html
       https://www.suse.com/security/cve/CVE-2019-11742.html
       https://www.suse.com/security/cve/CVE-2019-11743.html
       https://www.suse.com/security/cve/CVE-2019-11744.html
       https://www.suse.com/security/cve/CVE-2019-11746.html
       https://www.suse.com/security/cve/CVE-2019-11747.html
       https://www.suse.com/security/cve/CVE-2019-11748.html
       https://www.suse.com/security/cve/CVE-2019-11749.html
       https://www.suse.com/security/cve/CVE-2019-11750.html
       https://www.suse.com/security/cve/CVE-2019-11751.html
       https://www.suse.com/security/cve/CVE-2019-11752.html
       https://www.suse.com/security/cve/CVE-2019-11753.html
       https://www.suse.com/security/cve/CVE-2019-11757.html
       https://www.suse.com/security/cve/CVE-2019-11758.html
       https://www.suse.com/security/cve/CVE-2019-11759.html
       https://www.suse.com/security/cve/CVE-2019-11760.html
       https://www.suse.com/security/cve/CVE-2019-11761.html
       https://www.suse.com/security/cve/CVE-2019-11762.html
       https://www.suse.com/security/cve/CVE-2019-11763.html
       https://www.suse.com/security/cve/CVE-2019-11764.html
       https://www.suse.com/security/cve/CVE-2019-13173.html
       https://www.suse.com/security/cve/CVE-2019-15903.html
       https://www.suse.com/security/cve/CVE-2019-5010.html
       https://www.suse.com/security/cve/CVE-2019-5737.html
       https://www.suse.com/security/cve/CVE-2019-9511.html
       https://www.suse.com/security/cve/CVE-2019-9512.html
       https://www.suse.com/security/cve/CVE-2019-9513.html
       https://www.suse.com/security/cve/CVE-2019-9514.html
       https://www.suse.com/security/cve/CVE-2019-9515.html
       https://www.suse.com/security/cve/CVE-2019-9516.html
       https://www.suse.com/security/cve/CVE-2019-9517.html
       https://www.suse.com/security/cve/CVE-2019-9518.html
       https://www.suse.com/security/cve/CVE-2019-9636.html
       https://www.suse.com/security/cve/CVE-2019-9811.html
       https://www.suse.com/security/cve/CVE-2019-9812.html
       https://www.suse.com/security/cve/CVE-2019-9947.html
       https://bugzilla.suse.com/1000036
       https://bugzilla.suse.com/1001652
       https://bugzilla.suse.com/1025108
       https://bugzilla.suse.com/1029377
       https://bugzilla.suse.com/1029902
       https://bugzilla.suse.com/1040164
       https://bugzilla.suse.com/104105
       https://bugzilla.suse.com/1042670
       https://bugzilla.suse.com/1043008
       https://bugzilla.suse.com/1044946
       https://bugzilla.suse.com/1047925
       https://bugzilla.suse.com/1047936
       https://bugzilla.suse.com/1048299
       https://bugzilla.suse.com/1049186
       https://bugzilla.suse.com/1050653
       https://bugzilla.suse.com/1056058
       https://bugzilla.suse.com/1058013
       https://bugzilla.suse.com/1066242
       https://bugzilla.suse.com/1066953
       https://bugzilla.suse.com/1070738
       https://bugzilla.suse.com/1070853
       https://bugzilla.suse.com/1072320
       https://bugzilla.suse.com/1072322
       https://bugzilla.suse.com/1073796
       https://bugzilla.suse.com/1073798
       https://bugzilla.suse.com/1073799
       https://bugzilla.suse.com/1073803
       https://bugzilla.suse.com/1073808
       https://bugzilla.suse.com/1073818
       https://bugzilla.suse.com/1073823
       https://bugzilla.suse.com/1073829
       https://bugzilla.suse.com/1073830
       https://bugzilla.suse.com/1073832
       https://bugzilla.suse.com/1073846
       https://bugzilla.suse.com/1074235
       https://bugzilla.suse.com/1077230
       https://bugzilla.suse.com/1079761
       https://bugzilla.suse.com/1081750
       https://bugzilla.suse.com/1082318
       https://bugzilla.suse.com/1087453
       https://bugzilla.suse.com/1087459
       https://bugzilla.suse.com/1087463
       https://bugzilla.suse.com/1088573
       https://bugzilla.suse.com/1091764
       https://bugzilla.suse.com/1094814
       https://bugzilla.suse.com/1097158
       https://bugzilla.suse.com/1097375
       https://bugzilla.suse.com/1097401
       https://bugzilla.suse.com/1097404
       https://bugzilla.suse.com/1097748
       https://bugzilla.suse.com/1104841
       https://bugzilla.suse.com/1105019
       https://bugzilla.suse.com/1107030
       https://bugzilla.suse.com/1109465
       https://bugzilla.suse.com/1117473
       https://bugzilla.suse.com/1117626
       https://bugzilla.suse.com/1117627
       https://bugzilla.suse.com/1117629
       https://bugzilla.suse.com/1117630
       https://bugzilla.suse.com/1120644
       https://bugzilla.suse.com/1122191
       https://bugzilla.suse.com/1123482
       https://bugzilla.suse.com/1124525
       https://bugzilla.suse.com/1127532
       https://bugzilla.suse.com/1129346
       https://bugzilla.suse.com/1130694
       https://bugzilla.suse.com/1130840
       https://bugzilla.suse.com/1133452
       https://bugzilla.suse.com/1133810
       https://bugzilla.suse.com/1134209
       https://bugzilla.suse.com/1138459
       https://bugzilla.suse.com/1140290
       https://bugzilla.suse.com/1140868
       https://bugzilla.suse.com/1141853
       https://bugzilla.suse.com/1144919
       https://bugzilla.suse.com/1145665
       https://bugzilla.suse.com/1146090
       https://bugzilla.suse.com/1146091
       https://bugzilla.suse.com/1146093
       https://bugzilla.suse.com/1146094
       https://bugzilla.suse.com/1146095
       https://bugzilla.suse.com/1146097
       https://bugzilla.suse.com/1146099
       https://bugzilla.suse.com/1146100
       https://bugzilla.suse.com/1149323
       https://bugzilla.suse.com/1153423
       https://bugzilla.suse.com/1154738
       https://bugzilla.suse.com/1447070
       https://bugzilla.suse.com/1447409
       https://bugzilla.suse.com/744625
       https://bugzilla.suse.com/744629
       https://bugzilla.suse.com/845955
       https://bugzilla.suse.com/865853
       https://bugzilla.suse.com/905528
       https://bugzilla.suse.com/917607
       https://bugzilla.suse.com/935856
       https://bugzilla.suse.com/937414
       https://bugzilla.suse.com/947747
       https://bugzilla.suse.com/948045
       https://bugzilla.suse.com/948602
       https://bugzilla.suse.com/955142
       https://bugzilla.suse.com/957814
       https://bugzilla.suse.com/957815
       https://bugzilla.suse.com/961254
       https://bugzilla.suse.com/962297
       https://bugzilla.suse.com/966076
       https://bugzilla.suse.com/966077
       https://bugzilla.suse.com/985201
       https://bugzilla.suse.com/986541
       https://bugzilla.suse.com/991344
       https://bugzilla.suse.com/998743
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"81","type":"x","order":"1","pct":56.25,"resources":[]},{"id":"88","title":"Should be more technical","votes":"21","type":"x","order":"2","pct":14.58,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"42","type":"x","order":"3","pct":29.17,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.