Описание
Security update for MozillaFirefox
This update for MozillaFirefox to version 60.7.1 fixes the following issues:
Security issue fixed:
- CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614)
Other issues addressed:
- Added the new Mozilla's GPG key expiring on 2021-05-29 to the mozilla.keyring file
- Fixed broken language plugins (bsc#1137792)
Список пакетов
Image SLES15-SAP-Azure-LI-BYOS-Production
MozillaFirefox-60.7.1-3.45.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-60.7.1-3.45.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
MozillaFirefox-60.7.1-3.45.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
MozillaFirefox-60.7.1-3.45.1
SUSE Linux Enterprise Module for Desktop Applications 15
MozillaFirefox-60.7.1-3.45.1
MozillaFirefox-devel-60.7.1-3.45.1
MozillaFirefox-translations-common-60.7.1-3.45.1
MozillaFirefox-translations-other-60.7.1-3.45.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
MozillaFirefox-60.7.1-3.45.1
MozillaFirefox-devel-60.7.1-3.45.1
MozillaFirefox-translations-common-60.7.1-3.45.1
MozillaFirefox-translations-other-60.7.1-3.45.1
Ссылки
- Link for SUSE-SU-2019:1629-1
- E-Mail link for SUSE-SU-2019:1629-1
- SUSE Security Ratings
- SUSE Bug 1137792
- SUSE Bug 1138614
- SUSE CVE CVE-2019-11707 page
Описание
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
Затронутые продукты
Image SLES15-SAP-Azure-LI-BYOS-Production:MozillaFirefox-60.7.1-3.45.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-60.7.1-3.45.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-60.7.1-3.45.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-60.7.1-3.45.1
Ссылки
- CVE-2019-11707
- SUSE Bug 1138614