This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues :

Changes in MozillaFirefox :

Security issues fixed :

  - CVE-2019-15903: Fixed a heap overflow in the expat     library (bsc#1149429).

  - CVE-2019-11757: Fixed a use-after-free when creating     index updates in IndexedDB (bsc#1154738).

  - CVE-2019-11758: Fixed a potentially exploitable crash     due to 360 Total Security (bsc#1154738).

  - CVE-2019-11759: Fixed a stack-based buffer overflow in     HKDF output (bsc#1154738).

  - CVE-2019-11760: Fixed a stack-based buffer overflow in     WebRTC networking (bsc#1154738).

  - CVE-2019-11761: Fixed an unintended access to a     privileged JSONView object (bsc#1154738).

  - CVE-2019-11762: Fixed a same-origin-property violation     (bsc#1154738).

  - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).

  - CVE-2019-11764: Fixed several memory safety bugs     (bsc#1154738).

Non-security issues fixed :

  - Added Provides-line for translations-common     (bsc#1153423) .

  - Moved some settings from branding-package here     (bsc#1153869).

  - Disabled DoH by default.

Changes in MozillaFirefox-branding-SLE :

  - Moved extensions preferences to core package     (bsc#1153869).

This update was imported from the SUSE:SLE-15:Update update project.

openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459)

high Nessus Plugin ID 130890

No changelogs found