Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.14173.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:14173-1)
Summary:The remote host is missing an update for the 'MozillaFirefox, firefox-glib2, firefox-gtk3' package(s) announced via the SUSE-SU-2019:14173-1 advisory.
Description:Summary:
The remote host is missing an update for the 'MozillaFirefox, firefox-glib2, firefox-gtk3' package(s) announced via the SUSE-SU-2019:14173-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues:

Mozilla Firefox was updated to the 60.9.0esr release:

Security Advisory MFSA 2019-27:
Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449,
bsc#1149297)

XSS by breaking out of title and textarea elements using innerHTML
CVE-2019-11744 (bmo#1562033, bsc#1149297)

Same-origin policy violation with SVG filters and canvas to steal
cross-origin images CVE-2019-11742 (bmo#1559715, bsc#1149303)

Privilege escalation with Mozilla Maintenance Service in custom Firefox
installation location CVE-2019-11753 (bmo#1574980, bsc#1149295)

Use-after-free while extracting a key value in IndexedDB CVE-2019-11752
(bmo#1501152, bsc#1149296)

Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008,
bmo#1538015, bsc#1149294)

Cross-origin access to unload event attributes CVE-2019-11743
(bmo#1560495, bsc#1149298) Navigation-Timing Level 2 specification

Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299)
Rebuild glib2 schemas on SLE-11 (bsc#1145550)

Changes in firefox-glib2:
Fix the rpm macros %glib2_gsettings_schema_* which were replaced with
%nil in Factory because they're no longer needed, but we still need them
in SLE11 (bsc#1145550)

Changes in firefox-gtk3:
Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm
macros %glib2_gsettings_schema_* in firefox-glib2 package which were
replaced with %nil in Factory because they're no longer needed, but we
still need them in SLE11 (bsc#1145550)

Affected Software/OS:
'MozillaFirefox, firefox-glib2, firefox-gtk3' package(s) on SUSE Linux Enterprise Server 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9812
https://bugzilla.mozilla.org/show_bug.cgi?id=1538015
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.