ALT-PU-2019-3237-1
Package firefox-esr updated to version 68.3.0-alt1 for branch sisyphus in task 242314.
Closed vulnerabilities
BDU:2020-01389
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибкой извлечения документа из DocShell, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01390
Уязвимость программного обеспечения Firefox, Firefox ESR, Thunderbird, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2020-01649
Уязвимость механизма сериализации веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с отсутствием проверки размера вводимых данных при использовании буфера, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
BDU:2020-01675
Уязвимость механизма идентификации по отпечатку пальца веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
BDU:2020-01797
Уязвимость механизма использования nested workers браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использование области памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
BDU:2020-01824
Уязвимость браузера Firefox, связанная с записью за границами буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
BDU:2022-05929
Уязвимость службы обновления браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird для Windows, позволяющая нарушителю записать файлы состояний и журнала в незащищенный каталог
Modified: 2024-11-21
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0008
- openSUSE-SU-2020:0008
- RHSA-2020:0243
- RHSA-2020:0243
- RHSA-2020:0466
- RHSA-2020:0466
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- GLSA-202003-37
- GLSA-202003-37
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-13722
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of
- elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- RHSA-2020:0292
- RHSA-2020:0292
- RHSA-2020:0295
- RHSA-2020:0295
- https://bugzilla.mozilla.org/show_bug.cgi?id=1584170
- https://bugzilla.mozilla.org/show_bug.cgi?id=1584170
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17008
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- RHSA-2020:0292
- RHSA-2020:0292
- RHSA-2020:0295
- RHSA-2020:0295
- https://bugzilla.mozilla.org/show_bug.cgi?id=1546331
- https://bugzilla.mozilla.org/show_bug.cgi?id=1546331
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17009
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- https://bugzilla.mozilla.org/show_bug.cgi?id=1510494
- https://bugzilla.mozilla.org/show_bug.cgi?id=1510494
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17010
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- RHSA-2020:0292
- RHSA-2020:0292
- RHSA-2020:0295
- RHSA-2020:0295
- https://bugzilla.mozilla.org/show_bug.cgi?id=1581084
- https://bugzilla.mozilla.org/show_bug.cgi?id=1581084
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17011
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- RHSA-2020:0292
- RHSA-2020:0292
- RHSA-2020:0295
- RHSA-2020:0295
- https://bugzilla.mozilla.org/show_bug.cgi?id=1591334
- https://bugzilla.mozilla.org/show_bug.cgi?id=1591334
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
Modified: 2024-11-21
CVE-2019-17012
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0003
- openSUSE-SU-2020:0002
- openSUSE-SU-2020:0002
- RHSA-2020:0292
- RHSA-2020:0292
- RHSA-2020:0295
- RHSA-2020:0295
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502
- GLSA-202003-02
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-10
- USN-4241-1
- USN-4241-1
- USN-4335-1
- USN-4335-1
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-38/