firefox-68.2.0-4.0.1.AXS4

エラータID: AXSA:2019-4386:06

Release date: 
Friday, November 15, 2019 - 14:48
Subject: 
firefox-68.2.0-4.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-11757
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11758
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11759
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11760
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11761
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11762
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11763
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11764
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2019-11757
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11758
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11759
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11760
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11761
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11762
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11763
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2019-11764
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-68.2.0-4.0.1.AXS4.src.rpm
    MD5: 28d926b4907511c5d9d8863468563f10
    SHA-256: 662c905dce57014cd45b3389fd54d1134b0f008ec6ad9eabbf0083dfc716d55b
    Size: 504.01 MB

Asianux Server 4 for x86
  1. firefox-68.2.0-4.0.1.AXS4.i686.rpm
    MD5: 5ef4d3722e3343e0078069f795557d95
    SHA-256: 94d6a2ef1668f6ff32a4e10df98553f15f991c366603c1d499bd1c5afac5bbbf
    Size: 118.18 MB

Asianux Server 4 for x86_64
  1. firefox-68.2.0-4.0.1.AXS4.x86_64.rpm
    MD5: 5684e812e785e7310fdb337c6d29798d
    SHA-256: 7be2500a6604c320d6cec047320353bd0d6c98c110b8d41bcae3e4c172984b48
    Size: 118.27 MB
  2. firefox-68.2.0-4.0.1.AXS4.i686.rpm
    MD5: 5ef4d3722e3343e0078069f795557d95
    SHA-256: 94d6a2ef1668f6ff32a4e10df98553f15f991c366603c1d499bd1c5afac5bbbf
    Size: 118.18 MB