CESA-2019:3281 -- centos 6 firefoxID: oval:org.secpod.oval:def:205385 | Date: (C)2019-10-28 (M)2024-05-16 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploitable crash due to 360 Total Security * Mozilla: Stack buffer overflow in HKDF output * Mozilla: Stack buffer overflow in WebRTC networking * Mozilla: Unintended access to a privileged JSONView object * Mozilla: document.domain-based origin isolation has same-origin-property violation * Mozilla: Incorrect HTML parsing results in XSS bypass technique For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.