SUSE-SU-2019:14173-1 -- SLES firefox, libfirefox-gio-2_0-0, libfirefox-glib-2_0-0, libfirefox-gmodule-2_0-0, libfirefox-gobject-2_0-0, libfirefox-gthread-2_0-0
ID: oval:org.secpod.oval:def:89043667 | Date: (C)2021-03-05 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues:

Mozilla Firefox was updated to the 60.9.0esr release:

Security Advisory MFSA 2019-27:
* Use-after-free while manipulating video CVE-2019-11746
* XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744
* Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742
* Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11753
* Use-after-free while extracting a key value in IndexedDB CVE-2019-11752
* Sandbox escape through Firefox Sync CVE-2019-9812
* Cross-origin access to unload event attributes CVE-2019-11743 Navigation-Timing Level 2 specification
* Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740

- Rebuild glib2 schemas on SLE-11

Changes in firefox-glib2:
- Fix the rpm macros %glib2_gsettings_schema_* which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11

Changes in firefox-gtk3:
- Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm macros %glib2_gsettings_schema_* in firefox-glib2 package which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11
Platform: |
SUSE Linux Enterprise Server 11 SP4 |
Product: |
firefox |
libfirefox-gio-2_0-0 |
libfirefox-glib-2_0-0 |
libfirefox-gmodule-2_0-0 |
libfirefox-gobject-2_0-0 |
libfirefox-gthread-2_0-0 |