{"id":"MGASA-2019-0116","summary":"Updated firefox packages fix security vulnerability","details":"Proxy Auto-Configuration file can define localhost access to be proxied\n(CVE-2018-18506).\n\nMemory safety bugs fixed in Firefox 66 and Firefox ESR 60.6\n(CVE-2019-9788).\n\nUse-after-free when removing in-use DOM elements (CVE-2019-9790).\n\nType inference is incorrect for constructors entered through on-stack\nreplacement with IonMonkey (CVE-2019-9791).\n\nIonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792).\n\nImproper bounds checks when Spectre mitigations are disabled\n(CVE-2019-9793).\n\nType-confusion in IonMonkey JIT compiler (CVE-2019-9795).\n\nUse-after-free with SMIL animation controller (CVE-2019-9796).\n","modified":"2026-02-04T02:20:15.401810Z","published":"2019-03-21T16:36:46Z","related":["CVE-2018-18506","CVE-2019-9788","CVE-2019-9790","CVE-2019-9791","CVE-2019-9792","CVE-2019-9793","CVE-2019-9795","CVE-2019-9796"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0116.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24534"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2019:0622"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.6.0-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0116.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.6.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0116.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.21-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0116.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190306.00-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0116.json"}},{"package":{"name":"nss","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.36.7-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0116.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}