Endpoint Vulnerability

RHSA-2019:1763: firefox security update (Critical)

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709) * Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811) * Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711) * Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712) * Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713) * Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715) * Mozilla: Caret character improperly escaped in origins (CVE-2019-11717) * Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

Firefox