Univention Bugzilla – Bug 50121
firefox-esr: Multiple issues (4.4)
Last modified: 2019-09-11 15:25:29 CEST
New Debian firefox-esr 60.9.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Sandbox escape through Firefox Sync (CVE-2019-9812)
* Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)
* Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)
* Cross-origin access to unload event attributes (CVE-2019-11743)
* XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)
* Use-after-free while manipulating video (CVE-2019-11746)
* Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
--- mirror/ftp/4.4/unmaintained/component/4.4-1-errata/source/firefox-esr_60.8.0esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/firefox-esr_60.9.0esr-1~deb9u1.dsc @@ -1,3 +1,10 @@ +60.9.0esr-1~deb9u1 [Wed, 04 Sep 2019 09:23:23 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + Fixes for mfsa2019-27, also known as: + CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752, + CVE-2019-9812, CVE-2019-11743, CVE-2019-11740. + 60.8.0esr-1~deb9u1 [Wed, 10 Jul 2019 07:13:23 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://10.200.17.11/4.4-1/#9087694458253768939>
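Review bot: the CVE list in the added 60.9.0esr-1~deb9u1 changelog entry is unordered (CVE-2019-11746 comes first, CVE-2019-9812 sits in the middle), which makes it harder to cross-check against the seven issues named in the erratum text. Listing the ids in ascending order would make that comparison mechanical. The entry also cites mfsa2019-27 by name only, so a link to the advisory next to "Fixes for mfsa2019-27" would save the reader a lookup.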
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 37c01c7cd6 Bug #50121: firefox-esr 60.9.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[4.4-1] 89237947b4 Bug #50121: firefox-esr 60.9.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.4/254.html>