SUSE-SU-2019:2436-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89003333 | Date: (C)2021-02-27 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. - CVE-2019-11746: Fixed a use-after-free while manipulating video. - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. - CVE-2019-11740: Fixed several memory safety bugs
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |