Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)

High Nessus Plugin ID 125447

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es) :

- Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

- Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

- Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)

- Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

- Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

- Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

- Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

- Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

- Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

- mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

- chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

- Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

- libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

Solution

Update the affected firefox and / or firefox-debuginfo packages.

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190523)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information