Updated firefox packages fix security vulnerabilities

2019-12-0821:12:18

Gentoo Foundation

advisories.mageia.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.4%

JSON

Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722) Buffer overflow in plain text serializer. (CVE-2019-17005) Use-after-free in worker destruction. (CVE-2019-17008) Updater temporary files accessible to unprivileged processes. (CVE-2019-17009) Use-after-free when performing device orientation checks. (CVE-2019-17010) Use-after-free when retrieving a document in antitracking. (CVE-2019-17011) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3. (CVE-2019-17012)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchfirefox< 68.3.0-1firefox-68.3.0-1.mga7
Mageia7noarchfirefox-l10n< 68.3.0-1firefox-l10n-68.3.0-1.mga7
Mageia7noarchnspr< 4.24-1nspr-4.24-1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	firefox	< 68.3.0-1	firefox-68.3.0-1.mga7
Mageia	7	noarch	firefox-l10n	< 68.3.0-1	firefox-l10n-68.3.0-1.mga7
Mageia	7	noarch	nspr	< 4.24-1	nspr-4.24-1.mga7