{"id":"MGASA-2019-0267","summary":"Updated firefox packages fix security vulnerabilities","details":"The updated packages fix several bugs and some security issues:\n\nSandbox escape through Firefox Sync. (CVE-2019-9812)\n\nMemory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox\nESR 60.9. (CVE-2019-11740)\n\nSame-origin policy violation with SVG filters and canvas to steal\ncross-origin images. (CVE-2019-11742)\n\nCross-origin access to unload event attributes. (CVE-2019-11743)\n\nXSS by breaking out of title and textarea elements using innerHTML.\n(CVE-2019-11744)\n\nUse-after-free while manipulating video. (CVE-2019-11746)\n\nUse-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)\n\nPrivilege escalation with Mozilla Maintenance Service in custom Firefox\ninstallation location. (CVE-2019-11753)\n","modified":"2026-04-16T04:42:11.317112174Z","published":"2019-09-12T19:09:52Z","upstream":["CVE-2019-11740","CVE-2019-11742","CVE-2019-11743","CVE-2019-11744","CVE-2019-11746","CVE-2019-11752","CVE-2019-11753","CVE-2019-9812"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0267.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25359"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/60.9.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/"},{"type":"WEB","url":"https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0267.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0267.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190820.00-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0267.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.22-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0267.json"}},{"package":{"name":"nss","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.36.8-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0267.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}