
    Synopsis:          Critical: firefox security update
    Advisory ID:       SLSA-2019:2694-1
    Issue Date:        2019-09-10
    CVE Numbers:       CVE-2019-11733
                       CVE-2019-11740
                       CVE-2019-11742
                       CVE-2019-11743
                       CVE-2019-11744
                       CVE-2019-11746
                       CVE-2019-11752
                       CVE-2019-9812
    --
    
    This update upgrades Firefox to version 60.9.0 ESR.
    
    Security Fix(es):
    
    * Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)
    
    * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and
    Firefox ESR 60.9 (CVE-2019-11740)
    
    * Mozilla: Same-origin policy violation with SVG filters and canvas to
    steal cross-origin images (CVE-2019-11742)
    
    * Mozilla: XSS by breaking out of title and textarea elements using
    innerHTML (CVE-2019-11744)
    
    * Mozilla: Use-after-free while manipulating video (CVE-2019-11746)
    
    * Mozilla: Use-after-free while extracting a key value in IndexedDB
    (CVE-2019-11752)
    
    * firefox: stored passwords in 'Saved Logins' can be copied without master
    password entry (CVE-2019-11733)
    
    * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)
    --
    
    SL6
      x86_64
        firefox-60.9.0-1.el6_10.x86_64.rpm
        firefox-debuginfo-60.9.0-1.el6_10.x86_64.rpm
        firefox-60.9.0-1.el6_10.i686.rpm
        firefox-debuginfo-60.9.0-1.el6_10.i686.rpm
      i386
        firefox-60.9.0-1.el6_10.i686.rpm
        firefox-debuginfo-60.9.0-1.el6_10.i686.rpm
    
    - Scientific Linux Development Team