MGASA-2019-0268

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0268.html

Import Source

https://advisories.mageia.org/MGASA-2019-0268.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0268

Related

Published

2019-09-12T19:09:52Z

Modified

2019-09-12T18:18:10Z

Summary

Updated firefox packages fix security vulnerabilities

Details

The updated packages fix several bugs and some security issues:

Sandbox escape through Firefox Sync. (CVE-2019-9812)

Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733)

Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735)

File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736)

Content security policy bypass through hash-based sources in directives. (CVE-2019-11738)

Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740)

Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742)

Cross-origin access to unload event attributes. (CVE-2019-11743)

XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744)

Use-after-free while manipulating video. (CVE-2019-11746)

'Forget about this site' removes sites from pre-loaded HSTS list. (CVE-2019-11747)

Persistence of WebRTC permissions in a third party context. (CVE-2019-11748)

Camera information available without prompting using getUserMedia. (CVE-2019-11749)

Type confusion in Spidermonkey. (CVE-2019-11750)

Malicious code execution through command line parameters. (CVE-2019-11751)

Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)

Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

68.1.0-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

68.1.0-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20190820.00-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.22-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.46.0-1.mga7

Ecosystem specific

{
    "section": "core"
}