CentOS Local Security Checks : CentOS Update for firefox CESA-2019:0622 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883026

Categoría: CentOS Local Security Checks

Título: CentOS Update for firefox CESA-2019:0622 centos7

Resumen: The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2019:0622 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the CESA-2019:0622 advisory.

Vulnerability Insight:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 60.6.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
(CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through
on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
(CVE-2019-9792)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled
(CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be
proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'firefox' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-18506
BugTraq ID: 106773
http://www.securityfocus.com/bid/106773
Bugtraq: 20190320 [SECURITY] [DSA 4411-1] firefox-esr security update (Google Search)
https://seclists.org/bugtraq/2019/Mar/28
Bugtraq: 20190401 [SECURITY] [DSA 4420-1] thunderbird security update (Google Search)
https://seclists.org/bugtraq/2019/Apr/0
Debian Security Information: DSA-4411 (Google Search)
https://www.debian.org/security/2019/dsa-4411
Debian Security Information: DSA-4420 (Google Search)
https://www.debian.org/security/2019/dsa-4420
https://security.gentoo.org/glsa/201904-07
https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html
RedHat Security Advisories: RHSA-2019:0622
https://access.redhat.com/errata/RHSA-2019:0622
RedHat Security Advisories: RHSA-2019:0623
https://access.redhat.com/errata/RHSA-2019:0623
RedHat Security Advisories: RHSA-2019:0680
https://access.redhat.com/errata/RHSA-2019:0680
RedHat Security Advisories: RHSA-2019:0681
https://access.redhat.com/errata/RHSA-2019:0681
RedHat Security Advisories: RHSA-2019:0966
https://access.redhat.com/errata/RHSA-2019:0966
RedHat Security Advisories: RHSA-2019:1144
https://access.redhat.com/errata/RHSA-2019:1144
SuSE Security Announcement: openSUSE-SU-2019:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html
SuSE Security Announcement: openSUSE-SU-2019:1077 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html
SuSE Security Announcement: openSUSE-SU-2019:1126 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html
SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
https://usn.ubuntu.com/3874-1/
https://usn.ubuntu.com/3927-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9788
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
https://www.mozilla.org/security/advisories/mfsa2019-07/
https://www.mozilla.org/security/advisories/mfsa2019-08/
https://www.mozilla.org/security/advisories/mfsa2019-11/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9790
https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
Common Vulnerability Exposure (CVE) ID: CVE-2019-9791
https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
Common Vulnerability Exposure (CVE) ID: CVE-2019-9792
http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Common Vulnerability Exposure (CVE) ID: CVE-2019-9793
https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
Common Vulnerability Exposure (CVE) ID: CVE-2019-9795
https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
Common Vulnerability Exposure (CVE) ID: CVE-2019-9796
https://bugzilla.mozilla.org/show_bug.cgi?id=1531277

Copyright Copyright (C) 2019 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883026
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for firefox CESA-2019:0622 centos7
Resumen:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2019:0622 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2019:0622 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-18506 BugTraq ID: 106773 http://www.securityfocus.com/bid/106773 Bugtraq: 20190320 [SECURITY] [DSA 4411-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2019/Mar/28 Bugtraq: 20190401 [SECURITY] [DSA 4420-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2019/Apr/0 Debian Security Information: DSA-4411 (Google Search) https://www.debian.org/security/2019/dsa-4411 Debian Security Information: DSA-4420 (Google Search) https://www.debian.org/security/2019/dsa-4420 https://security.gentoo.org/glsa/201904-07 https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html RedHat Security Advisories: RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622 RedHat Security Advisories: RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623 RedHat Security Advisories: RHSA-2019:0680 https://access.redhat.com/errata/RHSA-2019:0680 RedHat Security Advisories: RHSA-2019:0681 https://access.redhat.com/errata/RHSA-2019:0681 RedHat Security Advisories: RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966 RedHat Security Advisories: RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144 SuSE Security Announcement: openSUSE-SU-2019:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html SuSE Security Announcement: openSUSE-SU-2019:1077 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html SuSE Security Announcement: openSUSE-SU-2019:1126 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html https://usn.ubuntu.com/3874-1/ https://usn.ubuntu.com/3927-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9788 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/ https://www.mozilla.org/security/advisories/mfsa2019-11/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9790 https://bugzilla.mozilla.org/show_bug.cgi?id=1525145 Common Vulnerability Exposure (CVE) ID: CVE-2019-9791 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 Common Vulnerability Exposure (CVE) ID: CVE-2019-9792 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 Common Vulnerability Exposure (CVE) ID: CVE-2019-9793 https://bugzilla.mozilla.org/show_bug.cgi?id=1528829 Common Vulnerability Exposure (CVE) ID: CVE-2019-9795 https://bugzilla.mozilla.org/show_bug.cgi?id=1514682 Common Vulnerability Exposure (CVE) ID: CVE-2019-9796 https://bugzilla.mozilla.org/show_bug.cgi?id=1531277
Copyright	Copyright (C) 2019 Greenbone AG