| Description: | Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the CESA-2019:1763 advisory.
Vulnerability Insight:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 60.8.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
(CVE-2019-11709)
* Mozilla: Sandbox escape via installation of malicious language pack
(CVE-2019-9811)
* Mozilla: Script injection within domain through inner window reuse
(CVE-2019-11711)
* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects (CVE-2019-11712)
* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
* Mozilla: HTML parsing error can contribute to content XSS
(CVE-2019-11715)
* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)
* Mozilla: Same-origin policy treats all files in a directory as having the
same-origin (CVE-2019-11730)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Affected Software/OS:
'firefox' package(s) on CentOS 7.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
