{"id":"MGASA-2020-0009","summary":"Updated mozjs60 packages fix security vulnerability","details":"The updated packages fix security vulnerabilities:\n\nA type confusion vulnerability can occur when manipulating JavaScript\nobjects due to issues in Array.pop. This can allow for an exploitable\ncrash. We are aware of targeted attacks in the wild abusing this flaw.\nThis vulnerability affects Firefox ESR \u003c 60.7.1, Firefox \u003c 67.0.3,\nand Thunderbird \u003c 60.7.2. (CVE-2019-11707)\n\nInsufficient vetting of parameters passed with the Prompt:Open IPC message\nbetween child and parent processes can result in the non-sandboxed parent\nprocess opening web content chosen by a compromised child process. When\ncombined with additional vulnerabilities this could result in executing\narbitrary code on the user's computer. This vulnerability affects Firefox\nESR \u003c 60.7.2, Firefox \u003c 67.0.4, and Thunderbird \u003c 60.7.2. (CVE-2019-11708)\n\nThe mozjs60 package has been updated to version 60.9.0, fixing these issues\nand other bugs. The gjs package has been rebuilt against the updated mozjs60.\n","modified":"2026-04-16T04:42:04.745687771Z","published":"2020-01-05T15:37:51Z","upstream":["CVE-2019-11707","CVE-2019-11708"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0009.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25910"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OS4TDQ75LLRCFOAXMPHTQE6XCPJGZQ6X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZS2X4UWVWTNTNWOCAJYQO77GGSSI3H6K/"}],"affected":[{"package":{"name":"mozjs60","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/mozjs60?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.9.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0009.json"}},{"package":{"name":"gjs","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/gjs?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.56.2-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0009.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}