AXSA:2019-3929:04

Release date: 
Tuesday, July 16, 2019 - 04:55
Subject: 
firefox-60.8.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-11709
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11711
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11712
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11713

CVE-2019-11715
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11717
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11730
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-9811
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-60.8.0-1.0.1.AXS4.src.rpm
    MD5: 89b6c9f3a820972a6272490b657e3ca9
    SHA-256: adb38b6a33ecff78174f8f0ed4b609cc0c95791d2a13e320f41aed8bea276b02
    Size: 416.96 MB

Asianux Server 4 for x86
  1. firefox-60.8.0-1.0.1.AXS4.i686.rpm
    MD5: 6592db23917b7bf33b11f90fe3fef16d
    SHA-256: eefcb0c76017ddbc5260e3d451ce0e9a9497a28b14df810bb8c59adac4965c44
    Size: 115.06 MB

Asianux Server 4 for x86_64
  1. firefox-60.8.0-1.0.1.AXS4.x86_64.rpm
    MD5: c325385931f747cd5be798f6b3b5e250
    SHA-256: 895979676beb2602aa82fc0b162ac976d81bc155f3e9da90b2b329d35eacd15e
    Size: 115.28 MB
  2. firefox-60.8.0-1.0.1.AXS4.i686.rpm
    MD5: 6592db23917b7bf33b11f90fe3fef16d
    SHA-256: eefcb0c76017ddbc5260e3d451ce0e9a9497a28b14df810bb8c59adac4965c44
    Size: 115.06 MB