File _patchinfo of Package patchinfo.13054
<patchinfo incident="13054">
<issue tracker="bnc" id="1149429">VUL-0: CVE-2019-15903: expat: crafted XML input results in heap-based buffer over-read by fooling the parser into changing from DTD parsing to document parsing</issue>
<issue tracker="bnc" id="1010399">VUL-0: CVE-2016-5292: MozillaFirefox: URL parsing causes crash</issue>
<issue tracker="bnc" id="1010405">VUL-0: CVE-2016-9067,CVE-2016-9069: MozillaFirefox: heap-use-after-free in nsINode::ReplaceOrInsertBefore</issue>
<issue tracker="bnc" id="1010406">VUL-0: CVE-2016-9068: MozillaFirefox: heap-use-after-free in nsRefreshDriver</issue>
<issue tracker="bnc" id="1010408">VUL-0: CVE-2016-9075: MozillaFirefox: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges</issue>
<issue tracker="bnc" id="1010409">VUL-0: CVE-2016-9077: MozillaFirefox: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them</issue>
<issue tracker="bnc" id="1010421">VUL-0: CVE-2016-9073: MozillaFirefox: windows.create schema doesn't specify "format" "relativeUrl"</issue>
<issue tracker="bnc" id="1010423">VUL-0: CVE-2016-9076: MozillaFirefox: select dropdown menu can be used for URL bar spoofing on e10s</issue>
<issue tracker="bnc" id="1010424">VUL-0: CVE-2016-9063: MozillaFirefox: Possible integer overflow to fix inside XML_Parse in Expat</issue>
<issue tracker="bnc" id="1010425">VUL-0: CVE-2016-9071: MozillaFirefox: Probe browser history via HSTS/301 redirect + CSP</issue>
<issue tracker="bnc" id="1010426">VUL-0: CVE-2016-5289: MozillaFirefox: Memory safety bugs fixed in Firefox 50</issue>
<issue tracker="bnc" id="1025108">Firefox stops loading page until mouse is moved</issue>
<issue tracker="bnc" id="1043008">Firefox hangs randomly when browsing and scrolling</issue>
<issue tracker="bnc" id="1047281">VUL-0: CVE-2017-7789: MozillaFirefox: Firefox ignores Strict-Transport-Security when two more STS headers are sent from server</issue>
<issue tracker="bnc" id="1074235">MozillaFirefox: background tab crash reports sent inadvertently without user opt-in</issue>
<issue tracker="bnc" id="1092611">VUL-0: MozillaFirefox: 52.8/60 (MFSA-2018-11 MFSA-2018-12)</issue>
<issue tracker="bnc" id="1120374">SLED12SP3 - Wrong Firefox GUI Language (Firefox ESR 60.4.0)</issue>
<issue tracker="bnc" id="1137990">Firefox 60.7 ESR changed the user interface language</issue>
<issue tracker="bnc" id="1154738">VUL-0: MozillaFirefox, MozillaThunderbird: Update Firefox and Thunderbird to 68.2 esr (MFSA 2019-33)</issue>
<issue tracker="bnc" id="959933">Firefox 38 can't play website mp3 sounds</issue>
<issue tracker="bnc" id="983922">VUL-0: CVE-2016-2830: MozillaFirefox: Favicon network connection persists when page is closed</issue>
<issue tracker="cve" id="2016-2830"/>
<issue tracker="cve" id="2016-5289"/>
<issue tracker="cve" id="2016-5292"/>
<issue tracker="cve" id="2016-9063"/>
<issue tracker="cve" id="2016-9067"/>
<issue tracker="cve" id="2016-9068"/>
<issue tracker="cve" id="2016-9069"/>
<issue tracker="cve" id="2016-9071"/>
<issue tracker="cve" id="2016-9073"/>
<issue tracker="cve" id="2016-9075"/>
<issue tracker="cve" id="2016-9076"/>
<issue tracker="cve" id="2016-9077"/>
<issue tracker="cve" id="2017-7789"/>
<issue tracker="cve" id="2018-5150"/>
<issue tracker="cve" id="2018-5151"/>
<issue tracker="cve" id="2018-5152"/>
<issue tracker="cve" id="2018-5153"/>
<issue tracker="cve" id="2018-5154"/>
<issue tracker="cve" id="2018-5155"/>
<issue tracker="cve" id="2018-5157"/>
<issue tracker="cve" id="2018-5158"/>
<issue tracker="cve" id="2018-5159"/>
<issue tracker="cve" id="2018-5160"/>
<issue tracker="cve" id="2018-5163"/>
<issue tracker="cve" id="2018-5164"/>
<issue tracker="cve" id="2018-5165"/>
<issue tracker="cve" id="2018-5166"/>
<issue tracker="cve" id="2018-5167"/>
<issue tracker="cve" id="2018-5168"/>
<issue tracker="cve" id="2018-5169"/>
<issue tracker="cve" id="2018-5172"/>
<issue tracker="cve" id="2018-5173"/>
<issue tracker="cve" id="2018-5174"/>
<issue tracker="cve" id="2018-5175"/>
<issue tracker="cve" id="2018-5176"/>
<issue tracker="cve" id="2018-5177"/>
<issue tracker="cve" id="2018-5178"/>
<issue tracker="cve" id="2018-5179"/>
<issue tracker="cve" id="2018-5180"/>
<issue tracker="cve" id="2018-5181"/>
<issue tracker="cve" id="2018-5182"/>
<issue tracker="cve" id="2018-5183"/>
<issue tracker="cve" id="2019-11757"/>
<issue tracker="cve" id="2019-11758"/>
<issue tracker="cve" id="2019-11759"/>
<issue tracker="cve" id="2019-11760"/>
<issue tracker="cve" id="2019-11761"/>
<issue tracker="cve" id="2019-11762"/>
<issue tracker="cve" id="2019-11763"/>
<issue tracker="cve" id="2019-11764"/>
<issue tracker="cve" id="2019-15903"/>
<packager>cgrobertson</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaFirefox</summary>
<description>This update for MozillaFirefox to 68.2.0 ESR fixes the following issues:
Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738).
Security issues fixed:
- CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
- CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
- CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
- CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
- CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
- CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
- CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
- CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
- CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).
Non-security issues fixed:
- Firefox 60.7 ESR changed the user interface language (bsc#1137990).
- Wrong Firefox GUI Language (bsc#1120374).
- Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235).
- Firefox hangs randomly when browsing and scrolling (bsc#1043008).
- Firefox stops loading page until mouse is moved (bsc#1025108).
</description>
</patchinfo>