MGASA-2019-0376 - Updated firefox packages fix security vulnerabilities

Publication date: 08 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0376.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-13722,
     CVE-2019-17005,
     CVE-2019-17008,
     CVE-2019-17009,
     CVE-2019-17010,
     CVE-2019-17011,
     CVE-2019-17012

Updated firefox packages fix security vulnerabilities:

Stack corruption due to incorrect number of arguments in WebRTC code.
(CVE-2019-13722)

Buffer overflow in plain text serializer. (CVE-2019-17005)

Use-after-free in worker destruction. (CVE-2019-17008)

Updater temporary files accessible to unprivileged processes. 
(CVE-2019-17009)

Use-after-free when performing device orientation checks.
(CVE-2019-17010)

Use-after-free when retrieving a document in antitracking.
(CVE-2019-17011)

Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3.
(CVE-2019-17012)

References:
- https://bugs.mageia.org/show_bug.cgi?id=25820
- https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012

SRPMS:
- 7/core/firefox-68.3.0-1.mga7
- 7/core/firefox-l10n-68.3.0-1.mga7
- 7/core/nspr-4.24-1.mga7