Request 714775: Incident MozillaFirefox - openSUSE Build Service

Overview

Request 714775 accepted

This is kind of blind submission because currently NSS is not new enough in 15.0

- Mozilla Firefox 60.8.0esr
* requires >= NSS 3.36.8
MFSA 2019-22 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having the
same-origin
* CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

Created by wrosenauer almost 5 years ago
In state accepted

Incident MozillaFirefox

Comments for request 714775 1

Leap Reviewbot (leaper) - almost 5 years ago

home:wrosenauer:devel/MozillaFirefox@664a74eafabc495bb2997cd1d4fa2eb0 -> openSUSE:Leap:15.0:Update/MozillaFirefox

expected origin is 'FORK' (unchanged)

Login required, please login in order to comment

Request History

wrosenauer created request almost 5 years ago

This is kind of blind submission because currently NSS is not new enough in 15.0

- Mozilla Firefox 60.8.0esr
* requires >= NSS 3.36.8
MFSA 2019-22 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having the
same-origin
* CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

factory-auto accepted review almost 5 years ago

Check script succeeded

maintbot accepted review almost 5 years ago

ok

licensedigger accepted review almost 5 years ago

ok

licensedigger approved review almost 5 years ago

ok

rfrohl moved maintenance target to openSUSE:Maintenance:10642 almost 5 years ago

rfrohl accepted request almost 5 years ago

finally got mozilla-nss from SLE, submission is good

openSUSE Build Service is sponsored by