SUSE-SU-2019:1684-1

Published: 22 Jun 2019
Source: suse-cvrf

Description

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

  • Mozilla Firefox 60.7.2 MFSA 2019-19 (bsc#1138872)

  • CVE-2019-11708: Fix sandbox escape using Prompt:Open.

    • Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

Package list

SUSE Enterprise Storage 4
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Enterprise Storage 5
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Desktop 12 SP3
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Desktop 12 SP4
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP1-LTSS
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP2-BCL
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP2-LTSS
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP3
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP3-LTSS
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12 SP4
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Linux Enterprise Software Development Kit 12 SP3
MozillaFirefox-devel-60.7.2-109.80.1
SUSE Linux Enterprise Software Development Kit 12 SP4
MozillaFirefox-devel-60.7.2-109.80.1
SUSE OpenStack Cloud 7
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-devel-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE OpenStack Cloud 8
MozillaFirefox-60.7.2-109.80.1
MozillaFirefox-translations-common-60.7.2-109.80.1

Description

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.


Affected products
SUSE Enterprise Storage 4:MozillaFirefox-60.7.2-109.80.1
SUSE Enterprise Storage 4:MozillaFirefox-devel-60.7.2-109.80.1
SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.7.2-109.80.1
SUSE Enterprise Storage 5:MozillaFirefox-60.7.2-109.80.1

References
Vulnerability SUSE-SU-2019:1684-1