SUSE: 2019:2872-1 important: MozillaFirefox

    Date: 31 Oct 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 51 vulnerabilities is now available.
    
       SUSE Security Update: Security update for MozillaFirefox
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:2872-1
    Rating:             important
    References:         #1010399 #1010405 #1010406 #1010408 #1010409 
                        #1010421 #1010423 #1010424 #1010425 #1010426 
                        #1025108 #1043008 #1047281 #1074235 #1092611 
                        #1120374 #1137990 #1149429 #1154738 #959933 
                        #983922 
    Cross-References:   CVE-2016-2830 CVE-2016-5289 CVE-2016-5292
                        CVE-2016-9063 CVE-2016-9067 CVE-2016-9068
                        CVE-2016-9069 CVE-2016-9071 CVE-2016-9073
                        CVE-2016-9075 CVE-2016-9076 CVE-2016-9077
                        CVE-2017-7789 CVE-2018-5150 CVE-2018-5151
                        CVE-2018-5152 CVE-2018-5153 CVE-2018-5154
                        CVE-2018-5155 CVE-2018-5157 CVE-2018-5158
                        CVE-2018-5159 CVE-2018-5160 CVE-2018-5163
                        CVE-2018-5164 CVE-2018-5165 CVE-2018-5166
                        CVE-2018-5167 CVE-2018-5168 CVE-2018-5169
                        CVE-2018-5172 CVE-2018-5173 CVE-2018-5174
                        CVE-2018-5175 CVE-2018-5176 CVE-2018-5177
                        CVE-2018-5178 CVE-2018-5179 CVE-2018-5180
                        CVE-2018-5181 CVE-2018-5182 CVE-2018-5183
                        CVE-2019-11757 CVE-2019-11758 CVE-2019-11759
                        CVE-2019-11760 CVE-2019-11761 CVE-2019-11762
                        CVE-2019-11763 CVE-2019-11764 CVE-2019-15903
                       
    Affected Products:
                        SUSE OpenStack Cloud Crowbar 8
                        SUSE OpenStack Cloud 8
                        SUSE OpenStack Cloud 7
                        SUSE Linux Enterprise Software Development Kit 12-SP5
                        SUSE Linux Enterprise Software Development Kit 12-SP4
                        SUSE Linux Enterprise Server for SAP 12-SP3
                        SUSE Linux Enterprise Server for SAP 12-SP2
                        SUSE Linux Enterprise Server for SAP 12-SP1
                        SUSE Linux Enterprise Server 12-SP5
                        SUSE Linux Enterprise Server 12-SP4
                        SUSE Linux Enterprise Server 12-SP3-LTSS
                        SUSE Linux Enterprise Server 12-SP3-BCL
                        SUSE Linux Enterprise Server 12-SP2-LTSS
                        SUSE Linux Enterprise Server 12-SP2-BCL
                        SUSE Linux Enterprise Server 12-SP1-LTSS
                        SUSE Linux Enterprise Desktop 12-SP4
                        SUSE Enterprise Storage 5
                        HPE Helion Openstack 8
    ______________________________________________________________________________
    
       An update that fixes 51 vulnerabilities is now available.
    
    Description:
    
       This update for MozillaFirefox to 68.2.0 ESR fixes the following issues:
    
       Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738).
    
       Security issues fixed:
    
       -  CVE-2019-15903: Fixed a heap overflow in the expat library
          (bsc#1149429).
       -  CVE-2019-11757: Fixed a use-after-free when creating index updates in
          IndexedDB (bsc#1154738).
       -  CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total
          Security (bsc#1154738).
       -  CVE-2019-11759: Fixed a stack buffer overflow in HKDF output
          (bsc#1154738).
       -  CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking
          (bsc#1154738).
       -  CVE-2019-11761: Fixed an unintended access to a privileged JSONView
          object (bsc#1154738).
       -  CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
       -  CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
       -  CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
    
       Non-security issues fixed:
    
       - Firefox 60.7 ESR changed the user interface language (bsc#1137990).
       - Wrong Firefox GUI Language (bsc#1120374).
       - Fixed an inadvertent crash report transmission without user opt-in
         (bsc#1074235).
       - Firefox hangs randomly when browsing and scrolling (bsc#1043008).
       - Firefox stops loading page until mouse is moved (bsc#1025108).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud Crowbar 8:
    
          zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2872=1
    
       - SUSE OpenStack Cloud 8:
    
          zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2872=1
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2872=1
    
       - SUSE Linux Enterprise Software Development Kit 12-SP5:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2872=1
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4:
    
          zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2872=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP3:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2872=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP2:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2872=1
    
       - SUSE Linux Enterprise Server for SAP 12-SP1:
    
          zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP5:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP4:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP3-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP3-BCL:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP2-BCL:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2872=1
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS:
    
          zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2872=1
    
       - SUSE Linux Enterprise Desktop 12-SP4:
    
          zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2872=1
    
       - SUSE Enterprise Storage 5:
    
          zypper in -t patch SUSE-Storage-5-2019-2872=1
    
       - HPE Helion Openstack 8:
    
          zypper in -t patch HPE-Helion-OpenStack-8-2019-2872=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud Crowbar 8 (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE OpenStack Cloud 8 (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE OpenStack Cloud 7 (s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
    
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-devel-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - SUSE Enterprise Storage 5 (aarch64 x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
       - HPE Helion Openstack 8 (x86_64):
    
          MozillaFirefox-68.2.0-109.95.2
          MozillaFirefox-debuginfo-68.2.0-109.95.2
          MozillaFirefox-debugsource-68.2.0-109.95.2
          MozillaFirefox-translations-common-68.2.0-109.95.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2016-2830.html
       https://www.suse.com/security/cve/CVE-2016-5289.html
       https://www.suse.com/security/cve/CVE-2016-5292.html
       https://www.suse.com/security/cve/CVE-2016-9063.html
       https://www.suse.com/security/cve/CVE-2016-9067.html
       https://www.suse.com/security/cve/CVE-2016-9068.html
       https://www.suse.com/security/cve/CVE-2016-9069.html
       https://www.suse.com/security/cve/CVE-2016-9071.html
       https://www.suse.com/security/cve/CVE-2016-9073.html
       https://www.suse.com/security/cve/CVE-2016-9075.html
       https://www.suse.com/security/cve/CVE-2016-9076.html
       https://www.suse.com/security/cve/CVE-2016-9077.html
       https://www.suse.com/security/cve/CVE-2017-7789.html
       https://www.suse.com/security/cve/CVE-2018-5150.html
       https://www.suse.com/security/cve/CVE-2018-5151.html
       https://www.suse.com/security/cve/CVE-2018-5152.html
       https://www.suse.com/security/cve/CVE-2018-5153.html
       https://www.suse.com/security/cve/CVE-2018-5154.html
       https://www.suse.com/security/cve/CVE-2018-5155.html
       https://www.suse.com/security/cve/CVE-2018-5157.html
       https://www.suse.com/security/cve/CVE-2018-5158.html
       https://www.suse.com/security/cve/CVE-2018-5159.html
       https://www.suse.com/security/cve/CVE-2018-5160.html
       https://www.suse.com/security/cve/CVE-2018-5163.html
       https://www.suse.com/security/cve/CVE-2018-5164.html
       https://www.suse.com/security/cve/CVE-2018-5165.html
       https://www.suse.com/security/cve/CVE-2018-5166.html
       https://www.suse.com/security/cve/CVE-2018-5167.html
       https://www.suse.com/security/cve/CVE-2018-5168.html
       https://www.suse.com/security/cve/CVE-2018-5169.html
       https://www.suse.com/security/cve/CVE-2018-5172.html
       https://www.suse.com/security/cve/CVE-2018-5173.html
       https://www.suse.com/security/cve/CVE-2018-5174.html
       https://www.suse.com/security/cve/CVE-2018-5175.html
       https://www.suse.com/security/cve/CVE-2018-5176.html
       https://www.suse.com/security/cve/CVE-2018-5177.html
       https://www.suse.com/security/cve/CVE-2018-5178.html
       https://www.suse.com/security/cve/CVE-2018-5179.html
       https://www.suse.com/security/cve/CVE-2018-5180.html
       https://www.suse.com/security/cve/CVE-2018-5181.html
       https://www.suse.com/security/cve/CVE-2018-5182.html
       https://www.suse.com/security/cve/CVE-2018-5183.html
       https://www.suse.com/security/cve/CVE-2019-11757.html
       https://www.suse.com/security/cve/CVE-2019-11758.html
       https://www.suse.com/security/cve/CVE-2019-11759.html
       https://www.suse.com/security/cve/CVE-2019-11760.html
       https://www.suse.com/security/cve/CVE-2019-11761.html
       https://www.suse.com/security/cve/CVE-2019-11762.html
       https://www.suse.com/security/cve/CVE-2019-11763.html
       https://www.suse.com/security/cve/CVE-2019-11764.html
       https://www.suse.com/security/cve/CVE-2019-15903.html
       https://bugzilla.suse.com/1010399
       https://bugzilla.suse.com/1010405
       https://bugzilla.suse.com/1010406
       https://bugzilla.suse.com/1010408
       https://bugzilla.suse.com/1010409
       https://bugzilla.suse.com/1010421
       https://bugzilla.suse.com/1010423
       https://bugzilla.suse.com/1010424
       https://bugzilla.suse.com/1010425
       https://bugzilla.suse.com/1010426
       https://bugzilla.suse.com/1025108
       https://bugzilla.suse.com/1043008
       https://bugzilla.suse.com/1047281
       https://bugzilla.suse.com/1074235
       https://bugzilla.suse.com/1092611
       https://bugzilla.suse.com/1120374
       https://bugzilla.suse.com/1137990
       https://bugzilla.suse.com/1149429
       https://bugzilla.suse.com/1154738
       https://bugzilla.suse.com/959933
       https://bugzilla.suse.com/983922
    
    _______________________________________________
    sle-security-updates mailing list
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    