File _patchinfo of Package patchinfo.13054

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.13054

<patchinfo incident="13054">
  <issue tracker="bnc" id="1149429">VUL-0: CVE-2019-15903: expat: crafted XML input results in heap-based buffer over-read by  fooling the parser into changing from DTD parsing to document parsing</issue>
  <issue tracker="bnc" id="1010399">VUL-0: CVE-2016-5292: MozillaFirefox: URL parsing causes crash</issue>
  <issue tracker="bnc" id="1010405">VUL-0: CVE-2016-9067,CVE-2016-9069: MozillaFirefox: heap-use-after-free in nsINode::ReplaceOrInsertBefore</issue>
  <issue tracker="bnc" id="1010406">VUL-0: CVE-2016-9068: MozillaFirefox: heap-use-after-free in nsRefreshDriver</issue>
  <issue tracker="bnc" id="1010408">VUL-0: CVE-2016-9075: MozillaFirefox: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges</issue>
  <issue tracker="bnc" id="1010409">VUL-0: CVE-2016-9077: MozillaFirefox: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them</issue>
  <issue tracker="bnc" id="1010421">VUL-0: CVE-2016-9073: MozillaFirefox: windows.create schema doesn't specify "format" "relativeUrl"</issue>
  <issue tracker="bnc" id="1010423">VUL-0: CVE-2016-9076: MozillaFirefox: select dropdown menu can be used for URL bar spoofing on e10s</issue>
  <issue tracker="bnc" id="1010424">VUL-0: CVE-2016-9063: MozillaFirefox: Possible integer overflow to fix inside XML_Parse in Expat</issue>
  <issue tracker="bnc" id="1010425">VUL-0: CVE-2016-9071: MozillaFirefox: Probe browser history via HSTS/301 redirect + CSP</issue>
  <issue tracker="bnc" id="1010426">VUL-0: CVE-2016-5289: MozillaFirefox: Memory safety bugs fixed in Firefox 50</issue>
  <issue tracker="bnc" id="1025108">Firefox stops loading page until mouse is moved</issue>
  <issue tracker="bnc" id="1043008">Firefox hangs randomly when browsing and scrolling</issue>
  <issue tracker="bnc" id="1047281">VUL-0: CVE-2017-7789: MozillaFirefox: Firefox ignores Strict-Transport-Security when two more STS headers aresent from server</issue>
  <issue tracker="bnc" id="1074235">MozillaFirefox: background tab crash reports sent inadvertently without user opt-in</issue>
  <issue tracker="bnc" id="1092611">VUL-0: MozillaFirefox: 52.8/60 (MFSA-2018-11 MFSA-2018-12)</issue>
  <issue tracker="bnc" id="1120374">SLED12SP3 - Wrong Firefox GUI Language (Firefox ESR 60.4.0)</issue>
  <issue tracker="bnc" id="1137990">Firefox 60.7 ESR changed the user interface language</issue>
  <issue tracker="bnc" id="1154738">VUL-0: MozillaFirefox, MozillaThunderbird: Update Firefox and Thunderbird to 68.2 esr (MFSA 2019-33)</issue>
  <issue tracker="bnc" id="959933">Firefox 38 can't play website mp3 sounds</issue>
  <issue tracker="bnc" id="983922">VUL-0: CVE-2016-2830: MozillaFirefox: Favicon network connection persists when page is closed</issue>
  <issue tracker="cve" id="2016-2830"/>
  <issue tracker="cve" id="2016-5289"/>
  <issue tracker="cve" id="2016-5292"/>
  <issue tracker="cve" id="2016-9063"/>
  <issue tracker="cve" id="2016-9067"/>
  <issue tracker="cve" id="2016-9068"/>
  <issue tracker="cve" id="2016-9069"/>
  <issue tracker="cve" id="2016-9071"/>
  <issue tracker="cve" id="2016-9073"/>
  <issue tracker="cve" id="2016-9075"/>
  <issue tracker="cve" id="2016-9076"/>
  <issue tracker="cve" id="2016-9077"/>
  <issue tracker="cve" id="2017-7789"/>
  <issue tracker="cve" id="2018-5150"/>
  <issue tracker="cve" id="2018-5151"/>
  <issue tracker="cve" id="2018-5152"/>
  <issue tracker="cve" id="2018-5153"/>
  <issue tracker="cve" id="2018-5154"/>
  <issue tracker="cve" id="2018-5155"/>
  <issue tracker="cve" id="2018-5157"/>
  <issue tracker="cve" id="2018-5158"/>
  <issue tracker="cve" id="2018-5159"/>
  <issue tracker="cve" id="2018-5160"/>
  <issue tracker="cve" id="2018-5163"/>
  <issue tracker="cve" id="2018-5164"/>
  <issue tracker="cve" id="2018-5165"/>
  <issue tracker="cve" id="2018-5166"/>
  <issue tracker="cve" id="2018-5167"/>
  <issue tracker="cve" id="2018-5168"/>
  <issue tracker="cve" id="2018-5169"/>
  <issue tracker="cve" id="2018-5172"/>
  <issue tracker="cve" id="2018-5173"/>
  <issue tracker="cve" id="2018-5174"/>
  <issue tracker="cve" id="2018-5175"/>
  <issue tracker="cve" id="2018-5176"/>
  <issue tracker="cve" id="2018-5177"/>
  <issue tracker="cve" id="2018-5178"/>
  <issue tracker="cve" id="2018-5179"/>
  <issue tracker="cve" id="2018-5180"/>
  <issue tracker="cve" id="2018-5181"/>
  <issue tracker="cve" id="2018-5182"/>
  <issue tracker="cve" id="2018-5183"/>
  <issue tracker="cve" id="2019-11757"/>
  <issue tracker="cve" id="2019-11758"/>
  <issue tracker="cve" id="2019-11759"/>
  <issue tracker="cve" id="2019-11760"/>
  <issue tracker="cve" id="2019-11761"/>
  <issue tracker="cve" id="2019-11762"/>
  <issue tracker="cve" id="2019-11763"/>
  <issue tracker="cve" id="2019-11764"/>
  <issue tracker="cve" id="2019-15903"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox to 68.2.0 ESR fixes the following issues:

Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738).

Security issues fixed:

-  CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
-  CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
-  CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
-  CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
-  CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
-  CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
-  CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
-  CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
-  CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).

Non-security issues fixed:

- Firefox 60.7 ESR changed the user interface language (bsc#1137990).
- Wrong Firefox GUI Language (bsc#1120374).
- Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235).
- Firefox hangs randomly when browsing and scrolling (bsc#1043008).
- Firefox stops loading page until mouse is moved (bsc#1025108).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.13054

Places