SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1405-1)


This update for MozillaFirefox fixes the following issues : Security issues fixed : CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: Font and date adjustments to accommodate the new Reiwa era in Japan Update to Firefox ESR 60.7 (bsc#1135824) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.