You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa MozillaFirefox

Sigurnosni nedostaci programskog paketa MozillaFirefox

openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1077-1
Rating: important
References: #1129821 #1130262
Cross-References: CVE-2018-18506 CVE-2019-9788 CVE-2019-9790
CVE-2019-9791 CVE-2019-9792 CVE-2019-9793
CVE-2019-9794 CVE-2019-9795 CVE-2019-9796
CVE-2019-9810 CVE-2019-9813
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Mozilla Firefox was updated to 60.6.1esr / MFSA 2019-10 (bsc#1130262)

* CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations

Mozilla Firefox was updated to 60.6.0esr / MFSA 2019-08 (boo#1129821)

* CVE-2019-9790: Use-after-free when removing in-use DOM elements
* CVE-2019-9791: Type inference is incorrect for constructors entered
through on-stack replacement with IonMonkey
* CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793: Improper bounds checks when Spectre mitigations are
disabled
* CVE-2019-9794: Command line arguments not discarded during execution
* CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796: Use-after-free with SMIL animation controller
* CVE-2018-18506: Proxy Auto-Configuration file can define localhost
access to be proxied
* CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR
60.6

Mozilla Firefox 60.5.2esr also had one change:

* Fix a frequent crash when reading various Reuters news articles.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1077=1

Package List:

– openSUSE Leap 15.0 (x86_64):

MozillaFirefox-60.6.1-lp150.3.45.1
MozillaFirefox-branding-upstream-60.6.1-lp150.3.45.1
MozillaFirefox-buildsymbols-60.6.1-lp150.3.45.1
MozillaFirefox-debuginfo-60.6.1-lp150.3.45.1
MozillaFirefox-debugsource-60.6.1-lp150.3.45.1
MozillaFirefox-devel-60.6.1-lp150.3.45.1
MozillaFirefox-translations-common-60.6.1-lp150.3.45.1
MozillaFirefox-translations-other-60.6.1-lp150.3.45.1

References:

https://www.suse.com/security/cve/CVE-2018-18506.html
https://www.suse.com/security/cve/CVE-2019-9788.html
https://www.suse.com/security/cve/CVE-2019-9790.html
https://www.suse.com/security/cve/CVE-2019-9791.html
https://www.suse.com/security/cve/CVE-2019-9792.html
https://www.suse.com/security/cve/CVE-2019-9793.html
https://www.suse.com/security/cve/CVE-2019-9794.html
https://www.suse.com/security/cve/CVE-2019-9795.html
https://www.suse.com/security/cve/CVE-2019-9796.html
https://www.suse.com/security/cve/CVE-2019-9810.html
https://www.suse.com/security/cve/CVE-2019-9813.html
https://bugzilla.suse.com/1129821
https://bugzilla.suse.com/1130262


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Ranjivost Cisco IOS XE softvera

Otkrivena je ranjivost kod Easy Virtual Switching System (VSS) Cisco IOS XE softvera na Catalyst 4500 seriji preklopnika. Ranjivost je...

Close