Description
Security update for MozillaFirefox
This update for MozillaFirefox to version 60.5.1esr fixes the following issues:
Security vulnerabilities addressed (MFSA-2019-05, boo#1125330):
- CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library that could occur when creating a path, leading to a potentially exploitable crash.
- CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library that could occur after specific transform operations, leading to a potentially exploitable crash.
Package list
openSUSE Leap 15.0
MozillaFirefox-60.5.1-lp150.3.39.2
MozillaFirefox-branding-upstream-60.5.1-lp150.3.39.2
MozillaFirefox-buildsymbols-60.5.1-lp150.3.39.2
MozillaFirefox-devel-60.5.1-lp150.3.39.2
MozillaFirefox-translations-common-60.5.1-lp150.3.39.2
MozillaFirefox-translations-other-60.5.1-lp150.3.39.2
References
- E-Mail link for openSUSE-SU-2019:0248-1
- SUSE Security Ratings
- SUSE Bug 1125330
- SUSE CVE CVE-2018-18356 page
- SUSE CVE CVE-2019-5785 page
Description
An integer overflow in path handling leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
openSUSE Leap 15.0:MozillaFirefox-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-devel-60.5.1-lp150.3.39.2
References
- CVE-2018-18356
- SUSE Bug 1118529
- SUSE Bug 1125330
- SUSE Bug 1125396
Description
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Affected products
openSUSE Leap 15.0:MozillaFirefox-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.5.1-lp150.3.39.2
openSUSE Leap 15.0:MozillaFirefox-devel-60.5.1-lp150.3.39.2
References
- CVE-2019-5785
- SUSE Bug 1125330
- SUSE Bug 1125396