http://bugzilla.opensuse.org/show_bug.cgi?id=1129821

Bug ID: 1129821
Summary: VUL-0: MozillaFirefox: 66 / 60.6 ESR releases (MFSA2019-07, MFSA2019-08)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Firefox
Assignee: cgrobertson@suse.com
Reporter: Andreas.Stieger@gmx.de
QA Contact: security-team@suse.de
CC: wolfgang@rosenauer.org
Found By: ---
Blocker: ---

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/

Security vulnerabilities fixed in Firefox ESR 60.6

* CVE-2019-9790 bmo#1525145 Use-after-free when removing in-use DOM elements
* CVE-2019-9791 bmo#1530958 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
* CVE-2019-9792 bmo#1532599 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793 bmo#1528829 Improper bounds checks when Spectre mitigations are disabled
* CVE-2019-9794 bmo#1530103 Command line arguments not discarded during execution
* CVE-2019-9795 bmo#1514682 Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796 bmo#1531277 Use-after-free with SMIL animation controller
* CVE-2018-18506 bmo#1503393 Proxy Auto-Configuration file can define localhost access to be proxied
* CVE-2019-9788 bmo#1518001 bmo#1521304 bmo#1521214 bmo#1506665 bmo#1516834 bmo#1518774 bmo#1524755 bmo#1523362 bmo#1524214 bmo#1529203 Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6

https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/

Security vulnerabilities fixed in Firefox 66:

* CVE-2019-9790 bmo#1525145 Use-after-free when removing in-use DOM elements
* CVE-2019-9791 bmo#1530958 Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
* CVE-2019-9792 bmo#1532599 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
* CVE-2019-9793 bmo#1528829 Improper bounds checks when Spectre mitigations are disabled
* CVE-2019-9794 bmo#1530103 Command line arguments not discarded during execution
* CVE-2019-9795 bmo#1514682 Type-confusion in IonMonkey JIT compiler
* CVE-2019-9796 bmo#1531277 Use-after-free with SMIL animation controller
* CVE-2019-9797 bmo#1528909 Cross-origin theft of images with createImageBitmap
* CVE-2019-9799 bmo#1505678 Information disclosure via IPC channel messages
* CVE-2019-9802 bmo#1415508 Chrome process information leak
* CVE-2019-9803 bmo#1515863 bmo#1437009 Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
* CVE-2019-9805 bmo#1521360 Potential use of uninitialized memory in Prio
* CVE-2019-9806 bmo#1525267 Denial of service through successive FTP authorization prompts
* CVE-2019-9807 bmo#1362050 Text sent through FTP connection can be incorporated into alert messages
* CVE-2019-9809 bmo#1282430 bmo#1523249 Denial of service through FTP modal alert error messages
* CVE-2019-9808 bmo#1434634 WebRTC permissions can display incorrect origin with data: and blob: URLs
* CVE-2019-9789 1520483 bmo#1522987 bmo#1528199 bmo#1519337 bmo#1525549 bmo#1516179 bmo#1518524 bmo#1518331 bmo#1526579 bmo#1512567 bmo#1524335 bmo#1448505 bmo#1518821 Memory safety bugs fixed in Firefox 66
* CVE-2019-9788 bmo#1518001 bmo#1521304 bmo#1521214 bmo#1506665 bmo#1516834 bmo#1518774 bmo#1524755 bmo#1523362 bmo#1524214 bmo#1529203 Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6