Scientific Linux Security Update : firefox on SL6.x i386/x86_64
High Nessus Plugin ID 125447
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es) :
- Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
- Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
- Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)
- Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
- Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
- Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
- Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
- Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
- Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
- mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
- chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
- Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
- libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
Solution
Update the affected firefox and / or firefox-debuginfo packages.