File _patchinfo of Package patchinfo.12540

<patchinfo incident="12540">
  <issue tracker="bnc" id="1149324">VUL-0: TRACKERBUG: MozillaFirefox: Firefox 69 Security Advisory 2019-25</issue>
  <issue tracker="bnc" id="1149298">VUL-0: CVE-2019-11743: MozillaFirefox: Cross-origin access to unload event attributes</issue>
  <issue tracker="bnc" id="1149303">VUL-0: CVE-2019-11742: MozillaFirefox: Same-origin policy violation with SVG filters and canvas to steal cross-origin images</issue>
  <issue tracker="bnc" id="1149294">VUL-0: CVE-2019-9812: MozillaFirefox: Sandbox escape through Firefox Sync</issue>
  <issue tracker="bnc" id="1149296">VUL-0: CVE-2019-11752: MozillaFirefox: Use-after-free while extracting a key value in IndexedDB</issue>
  <issue tracker="bnc" id="1149299">VUL-0: CVE-2019-11740: MozillaFirefox: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9</issue>
  <issue tracker="bnc" id="1149297">VUL-0: CVE-2019-11746: MozillaFirefox: Use-after-free while manipulating video</issue>
  <issue tracker="bnc" id="1149295">VUL-0: CVE-2019-11753: MozillaFirefox: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location</issue>
  <issue tracker="bnc" id="1149304">VUL-0: CVE-2019-11744: MozillaFirefox: XSS by breaking out of title and textarea elements using innerHTML</issue>
  <issue tracker="cve" id="2019-11743"/>
  <issue tracker="cve" id="2019-11752"/>
  <issue tracker="cve" id="2019-11753"/>
  <issue tracker="cve" id="2019-11744"/>
  <issue tracker="cve" id="2019-11740"/>
  <issue tracker="cve" id="2019-9812"/>
  <issue tracker="cve" id="2019-11742"/>
  <issue tracker="cve" id="2019-11746"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaFirefox</summary>
  <description>This update for MozillaFirefox to ESR 60.9 fixes the following issues:

Security issues fixed:

- CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303)
- CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297)
- CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304)
- CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295)
- CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296)
- CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298)
- CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299)
</description>
</patchinfo>