openSUSE-SU-2019:1811-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1811-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1811-1
- Upstream
- Related
- Published
- 2019-07-29T09:15:52Z
- Modified
- 2025-05-07T18:10:28.161641Z
- Summary
- Security update for MozillaFirefox
- Details
-
This update for MozillaFirefox, mozilla-nss fixes the following issues:
MozillaFirefox to version ESR 60.8:
- CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868).
- CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868).
- CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868).
- CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868).
- CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868).
- CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868).
- CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868).
- CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868).
- CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868).
- CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868).
mozilla-nss to version 3.44.1:
- Added IPSEC IKE support to softoken
- Many new FIPS test cases
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NPELIQJSVPILKWICIZT35XKU63YJVM3B/#NPELIQJSVPILKWICIZT35XKU63YJVM3B
- https://bugzilla.suse.com/1140868
- https://www.suse.com/security/cve/CVE-2019-11709
- https://www.suse.com/security/cve/CVE-2019-11711
- https://www.suse.com/security/cve/CVE-2019-11712
- https://www.suse.com/security/cve/CVE-2019-11713
- https://www.suse.com/security/cve/CVE-2019-11715
- https://www.suse.com/security/cve/CVE-2019-11717
- https://www.suse.com/security/cve/CVE-2019-11719
- https://www.suse.com/security/cve/CVE-2019-11729
- https://www.suse.com/security/cve/CVE-2019-11730
- https://www.suse.com/security/cve/CVE-2019-9811
Affected packages
openSUSE:Leap 15.0 / mozilla-nss
Package
- Name
- mozilla-nss
- Purl
- pkg:rpm/opensuse/mozilla-nss&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.44.1-lp150.2.24.1
Ecosystem specific
{
"binaries": [
{
"libsoftokn3": "3.44.1-lp150.2.24.1",
"mozilla-nss": "3.44.1-lp150.2.24.1",
"libsoftokn3-hmac-32bit": "3.44.1-lp150.2.24.1",
"mozilla-nss-sysinit-32bit": "3.44.1-lp150.2.24.1",
"libfreebl3-hmac": "3.44.1-lp150.2.24.1",
"mozilla-nss-certs-32bit": "3.44.1-lp150.2.24.1",
"libfreebl3-hmac-32bit": "3.44.1-lp150.2.24.1",
"libsoftokn3-hmac": "3.44.1-lp150.2.24.1",
"mozilla-nss-tools": "3.44.1-lp150.2.24.1",
"mozilla-nss-certs": "3.44.1-lp150.2.24.1",
"mozilla-nss-sysinit": "3.44.1-lp150.2.24.1",
"libfreebl3-32bit": "3.44.1-lp150.2.24.1",
"mozilla-nss-devel": "3.44.1-lp150.2.24.1",
"libsoftokn3-32bit": "3.44.1-lp150.2.24.1",
"libfreebl3": "3.44.1-lp150.2.24.1",
"mozilla-nss-32bit": "3.44.1-lp150.2.24.1"
}
]
}