openSUSE-SU-2019:1077-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1077-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1077-1
- Upstream
- Related
- Published
- 2019-03-29T06:04:39Z
- Modified
- 2025-05-02T04:30:21.605369Z
- Summary
- Security update for MozillaFirefox
- Details
-
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 60.6.1esr / MFSA 2019-10 (bsc#1130262)
- CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
- CVE-2019-9813: Ionmonkey type confusion with proto mutations
Mozilla Firefox was updated to 60.6.0esr / MFSA 2019-08 (boo#1129821)
- CVE-2019-9790: Use-after-free when removing in-use DOM elements
- CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
- CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script
- CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
- CVE-2019-9794: Command line arguments not discarded during execution
- CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
- CVE-2019-9796: Use-after-free with SMIL animation controller
- CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
- CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
Mozilla Firefox 60.5.2esr also had one change:
- Fix a frequent crash when reading various Reuters news articles.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F7O4DXUZQKWNDOD7CALQE6TV52NTY7NL/#F7O4DXUZQKWNDOD7CALQE6TV52NTY7NL
- https://bugzilla.suse.com/1129821
- https://bugzilla.suse.com/1130262
- https://www.suse.com/security/cve/CVE-2018-18506
- https://www.suse.com/security/cve/CVE-2019-9788
- https://www.suse.com/security/cve/CVE-2019-9790
- https://www.suse.com/security/cve/CVE-2019-9791
- https://www.suse.com/security/cve/CVE-2019-9792
- https://www.suse.com/security/cve/CVE-2019-9793
- https://www.suse.com/security/cve/CVE-2019-9794
- https://www.suse.com/security/cve/CVE-2019-9795
- https://www.suse.com/security/cve/CVE-2019-9796
- https://www.suse.com/security/cve/CVE-2019-9810
- https://www.suse.com/security/cve/CVE-2019-9813
Affected packages
openSUSE:Leap 15.0 / MozillaFirefox
Package
- Name
- MozillaFirefox
- Purl
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed60.6.1-lp150.3.45.1
Ecosystem specific
{
"binaries": [
{
"MozillaFirefox-translations-common": "60.6.1-lp150.3.45.1",
"MozillaFirefox-devel": "60.6.1-lp150.3.45.1",
"MozillaFirefox-translations-other": "60.6.1-lp150.3.45.1",
"MozillaFirefox-buildsymbols": "60.6.1-lp150.3.45.1",
"MozillaFirefox": "60.6.1-lp150.3.45.1",
"MozillaFirefox-branding-upstream": "60.6.1-lp150.3.45.1"
}
]
}