MGASA-2019-0211
- Source
- https://advisories.mageia.org/MGASA-2019-0211.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0211.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0211
- Related
- Published
- 2019-07-21T18:17:27Z
- Modified
- 2019-07-21T12:41:36Z
- Summary
- Updated firefox packages fix security vulnerability
- Details
-
Sandbox escape via installation of malicious language pack. (CVE-2019-9811)
Script injection within domain through inner window reuse. (CVE-2019-11711)
Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712)
Use-after-free with HTTP/2 cached stream. (CVE-2019-11713)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault. (CVE-2019-11729)
HTML parsing error can contribute to content XSS. (CVE-2019-11715)
Caret character improperly escaped in origins. (CVE-2019-11717)
Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719)
Same-origin policy treats all files in a directory as having the same-origin. (CVE-2019-11730)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8. (CVE-2019-11709)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-6
Mageia:6 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-6
Mageia:6 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-6
Mageia:6 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-6