openSUSE-SU-2019:1593-1

Опубликовано: 23 июн. 2019

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Mozilla Firefox 60.7.1esr was released to address MFSA 2019-18 (boo#1138614)

CVE-2019-11707: Fixed a type confusion in Array.pop

Список пакетов

openSUSE Leap 15.0

MozillaFirefox-60.7.2-lp150.3.59.1

MozillaFirefox-branding-upstream-60.7.2-lp150.3.59.1

MozillaFirefox-buildsymbols-60.7.2-lp150.3.59.1

MozillaFirefox-devel-60.7.2-lp150.3.59.1

MozillaFirefox-translations-common-60.7.2-lp150.3.59.1

MozillaFirefox-translations-other-60.7.2-lp150.3.59.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AVI7KKW6DTGF6PJHZEXDKEANATAFIDY5/#AVI7KKW6DTGF6PJHZEXDKEANATAFIDY5
E-Mail link for openSUSE-SU-2019:1593-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1138614
SUSE Bug 1138614
https://www.suse.com/security/cve/CVE-2019-11707/
SUSE CVE CVE-2019-11707 page

Описание

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

Затронутые продукты

openSUSE Leap 15.0:MozillaFirefox-60.7.2-lp150.3.59.1

openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.2-lp150.3.59.1

openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.2-lp150.3.59.1

openSUSE Leap 15.0:MozillaFirefox-devel-60.7.2-lp150.3.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-11707.html
CVE-2019-11707
https://bugzilla.suse.com/1138614
SUSE Bug 1138614

openSUSE-SU-2019:1593-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-11707

Описание

Затронутые продукты

Ссылки