{"id":"MGASA-2019-0268","summary":"Updated firefox packages fix security vulnerabilities","details":"The updated packages fix several bugs and some security issues:\n\nSandbox escape through Firefox Sync. (CVE-2019-9812)\n\nStored passwords in 'Saved Logins' can be copied without master password\nentry. (CVE-2019-11733)\n\nMemory safety bugs fixed in Firefox 69 and Firefox ESR 68.1.\n(CVE-2019-11735)\n\nFile manipulation and privilege escalation in Mozilla Maintenance Service.\n(CVE-2019-11736)\n\nContent security policy bypass through hash-based sources in directives.\n(CVE-2019-11738)\n\nMemory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox\nESR 60.9. (CVE-2019-11740)\n\nSame-origin policy violation with SVG filters and canvas to steal\ncross-origin images. (CVE-2019-11742)\n\nCross-origin access to unload event attributes. (CVE-2019-11743)\n\nXSS by breaking out of title and textarea elements using innerHTML.\n(CVE-2019-11744)\n\nUse-after-free while manipulating video. (CVE-2019-11746)\n\n'Forget about this site' removes sites from pre-loaded HSTS list.\n(CVE-2019-11747)\n\nPersistence of WebRTC permissions in a third party context. (CVE-2019-11748)\n\nCamera information available without prompting using getUserMedia.\n(CVE-2019-11749)\n\nType confusion in Spidermonkey. (CVE-2019-11750)\n\nMalicious code execution through command line parameters. (CVE-2019-11751)\n\nUse-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)\n\nPrivilege escalation with Mozilla Maintenance Service in custom Firefox\ninstallation location. (CVE-2019-11753)\n","modified":"2026-04-16T04:41:38.728164016Z","published":"2019-09-12T19:09:52Z","upstream":["CVE-2019-11733","CVE-2019-11735","CVE-2019-11736","CVE-2019-11738","CVE-2019-11740","CVE-2019-11742","CVE-2019-11743","CVE-2019-11744","CVE-2019-11746","CVE-2019-11747","CVE-2019-11748","CVE-2019-11749","CVE-2019-11750","CVE-2019-11751","CVE-2019-11752","CVE-2019-11753","CVE-2019-9812"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0268.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25359"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/68.0.1/releasenotes/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/68.0.2/releasenotes/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/"},{"type":"WEB","url":"https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt"},{"type":"WEB","url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2019:2663"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.1.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0268.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"68.1.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0268.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190820.00-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0268.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.22-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0268.json"}},{"package":{"name":"nss","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.46.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0268.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}