[SECURITY] [DLA 1800-1] firefox-esr security update

2019-05-2309:40:35

lists.debian.org

118

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Package : firefox-esr
Version : 60.7.0esr-1~deb8u1
CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
CVE-2019-11698

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
60.7.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8alllightning-l10n-hy-am< 1:60.7.0-1~deb8u1lightning-l10n-hy-am_1:60.7.0-1~deb8u1_all.deb
Debian9alliceowl-l10n-lt< 1:60.7.0-1~deb9u1iceowl-l10n-lt_1:60.7.0-1~deb9u1_all.deb
Debian8alliceweasel-l10n-fa< 1:60.7.0esr-1~deb8u1iceweasel-l10n-fa_1:60.7.0esr-1~deb8u1_all.deb
Debian9allfirefox-esr-l10n-is< 60.7.0esr-1~deb9u1firefox-esr-l10n-is_60.7.0esr-1~deb9u1_all.deb
Debian9allfirefox-esr-l10n-kk< 60.7.0esr-1~deb9u1firefox-esr-l10n-kk_60.7.0esr-1~deb9u1_all.deb
Debian9alliceweasel-l10n-es-cl< 1:60.7.0esr-1~deb9u1iceweasel-l10n-es-cl_1:60.7.0esr-1~deb9u1_all.deb
Debian9ppc64elthunderbird-dbg< 1:60.7.0-1~deb9u1thunderbird-dbg_1:60.7.0-1~deb9u1_ppc64el.deb
Debian8allfirefox-esr-l10n-br< 60.7.0esr-1~deb8u1firefox-esr-l10n-br_60.7.0esr-1~deb8u1_all.deb
Debian9alllightning-l10n-ga-ie< 1:60.7.0-1~deb9u1lightning-l10n-ga-ie_1:60.7.0-1~deb9u1_all.deb
Debian9alllightning-l10n-lt< 1:60.7.0-1~deb9u1lightning-l10n-lt_1:60.7.0-1~deb9u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	lightning-l10n-hy-am	< 1:60.7.0-1~deb8u1	lightning-l10n-hy-am_1:60.7.0-1~deb8u1_all.deb
Debian	9	all	iceowl-l10n-lt	< 1:60.7.0-1~deb9u1	iceowl-l10n-lt_1:60.7.0-1~deb9u1_all.deb
Debian	8	all	iceweasel-l10n-fa	< 1:60.7.0esr-1~deb8u1	iceweasel-l10n-fa_1:60.7.0esr-1~deb8u1_all.deb
Debian	9	all	firefox-esr-l10n-is	< 60.7.0esr-1~deb9u1	firefox-esr-l10n-is_60.7.0esr-1~deb9u1_all.deb
Debian	9	all	firefox-esr-l10n-kk	< 60.7.0esr-1~deb9u1	firefox-esr-l10n-kk_60.7.0esr-1~deb9u1_all.deb
Debian	9	all	iceweasel-l10n-es-cl	< 1:60.7.0esr-1~deb9u1	iceweasel-l10n-es-cl_1:60.7.0esr-1~deb9u1_all.deb
Debian	9	ppc64el	thunderbird-dbg	< 1:60.7.0-1~deb9u1	thunderbird-dbg_1:60.7.0-1~deb9u1_ppc64el.deb
Debian	8	all	firefox-esr-l10n-br	< 60.7.0esr-1~deb8u1	firefox-esr-l10n-br_60.7.0esr-1~deb8u1_all.deb
Debian	9	all	lightning-l10n-ga-ie	< 1:60.7.0-1~deb9u1	lightning-l10n-ga-ie_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	lightning-l10n-lt	< 1:60.7.0-1~deb9u1	lightning-l10n-lt_1:60.7.0-1~deb9u1_all.deb