SCIENTIFIC-LINUX-ERRATA Archives

November 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Critical: firefox on SL6.x i386/x86_64
From:
Farhan Ahmed <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 1 Nov 2019 13:13:05 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (52 lines) 
Synopsis:          Critical: firefox security update

Advisory ID:       SLSA-2019:3281-1

Issue Date:        2019-10-31

CVE Numbers:       CVE-2019-11757

                   CVE-2019-11758

                   CVE-2019-11759

                   CVE-2019-11760

                   CVE-2019-11761

                   CVE-2019-11762

                   CVE-2019-11763

                   CVE-2019-11764

--





Security Fix(es):



* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

(CVE-2019-11764)



* Mozilla: Use-after-free when creating index updates in IndexedDB

(CVE-2019-11757)



* Mozilla: Potentially exploitable crash due to 360 Total Security

(CVE-2019-11758)



* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)



* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)



* Mozilla: Unintended access to a privileged JSONView object

(CVE-2019-11761)



* Mozilla: document.domain-based origin isolation has same-origin-property

violation (CVE-2019-11762)



* Mozilla: Incorrect HTML parsing results in XSS bypass technique

(CVE-2019-11763)



--



SL6

  x86_64

    firefox-68.2.0-4.el6_10.x86_64.rpm

    firefox-debuginfo-68.2.0-4.el6_10.x86_64.rpm

    firefox-68.2.0-4.el6_10.i686.rpm

    firefox-debuginfo-68.2.0-4.el6_10.i686.rpm

  i386

    firefox-68.2.0-4.el6_10.i686.rpm

    firefox-debuginfo-68.2.0-4.el6_10.i686.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2