SUSE-SU-2019:2871-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89050847 | Date: (C)2023-10-16 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library . - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB . - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security . - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output . - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking . - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object . - CVE-2019-11762: Fixed a same-origin-property violation . - CVE-2019-11763: Fixed an XSS bypass . - CVE-2019-11764: Fixed several memory safety bugs . Non-security issues fixed: - Added Provides-line for translations-common . - Moved some settings from branding-package here . - Disabled DoH by default. Changes in MozillaFirefox-branding-SLE: - Moved extensions preferences to core package .
Platform: |
SUSE Linux Enterprise Desktop 15 |
SUSE Linux Enterprise Desktop 15 SP1 |