firefox-60.7.2-1.0.1.AXS4

エラータID: AXSA:2019-3914:03

Release date: 
Wednesday, June 26, 2019 - 11:04
Subject: 
firefox-60.7.2-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

以下項目について対処しました。
[Security Fix]

- 現時点では CVE-2019-11707, CVE-2019-11708
の情報が公開されておりません。CVE の情報が公開
され次第情報をアップデートいたします。

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

Solution: 

パッケージをアップデートしてください。

CVEs: 
CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-60.7.2-1.0.1.AXS4.src.rpm
    MD5: 633ec98d539aac97021faee5fb8f98fc
    SHA-256: cad2a32a9fadf1d0446d926663d5aeb981c0e7042215dc08563164d212a5ee89
    Size: 416.78 MB

Asianux Server 4 for x86
  1. firefox-60.7.2-1.0.1.AXS4.i686.rpm
    MD5: 8abafa00ed19303fed59dae81b549d0d
    SHA-256: 7374eb39faa69471a0c3aedc3d3ae0e38556e538a903b1390b5fe83348142e72
    Size: 115.04 MB

Asianux Server 4 for x86_64
  1. firefox-60.7.2-1.0.1.AXS4.x86_64.rpm
    MD5: 5dd6fd5cc4f8a05f01c82e73876b1b47
    SHA-256: a2b008c9ce862caf495352c41395fa6d0677fd89dedef5595100af43b2d1cdb2
    Size: 115.27 MB
  2. firefox-60.7.2-1.0.1.AXS4.i686.rpm
    MD5: 8abafa00ed19303fed59dae81b549d0d
    SHA-256: 7374eb39faa69471a0c3aedc3d3ae0e38556e538a903b1390b5fe83348142e72
    Size: 115.04 MB