Security update for Mozilla Firefox

SUSE Security Update: Security update for Mozilla Firefox
Announcement ID: SUSE-SU-2019:14246-1
Rating: important
References: #1000036 #1001652 #1025108 #1029377 #1029902 #1040164 #104105 #1042670 #1043008 #1044946 #1047925 #1047936 #1048299 #1049186 #1050653 #1056058 #1058013 #1066242 #1066953 #1070738 #1070853 #1072320 #1072322 #1073796 #1073798 #1073799 #1073803 #1073808 #1073818 #1073823 #1073829 #1073830 #1073832 #1073846 #1074235 #1077230 #1079761 #1081750 #1082318 #1087453 #1087459 #1087463 #1088573 #1091764 #1094814 #1097158 #1097375 #1097401 #1097404 #1097748 #1104841 #1105019 #1107030 #1109465 #1117473 #1117626 #1117627 #1117629 #1117630 #1120644 #1122191 #1123482 #1124525 #1127532 #1129346 #1130694 #1130840 #1133452 #1133810 #1134209 #1138459 #1140290 #1140868 #1141853 #1144919 #1145665 #1146090 #1146091 #1146093 #1146094 #1146095 #1146097 #1146099 #1146100 #1149323 #1153423 #1154738 #1447070 #1447409 #744625 #744629 #845955 #865853 #905528 #917607 #935856 #937414 #947747 #948045 #948602 #955142 #957814 #957815 #961254 #962297 #966076 #966077 #985201 #986541 #991344 #998743
Cross-References: CVE-2013-2882 CVE-2013-6639 CVE-2013-6640 CVE-2013-6668 CVE-2014-0224 CVE-2015-3193 CVE-2015-3194 CVE-2015-5380 CVE-2015-7384 CVE-2016-2086 CVE-2016-2178 CVE-2016-2183 CVE-2016-2216 CVE-2016-5172 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 CVE-2017-1000381 CVE-2017-10686 CVE-2017-11111 CVE-2017-11499 CVE-2017-14228 CVE-2017-14849 CVE-2017-14919 CVE-2017-15896 CVE-2017-15897 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 CVE-2017-18207 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-1000168 CVE-2018-12115 CVE-2018-12116 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-20406 CVE-2018-20852 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 CVE-2018-7161 CVE-2018-7167 CVE-2019-10160 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-13173 CVE-2019-15903 CVE-2019-5010 CVE-2019-5737 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2019-9636 CVE-2019-9811 CVE-2019-9812 CVE-2019-9947
Affected Products:
  • SUSE Linux Enterprise Server 11-SP4-LTSS

An update that fixes 118 vulnerabilities is now available.

Description:


This update brings Mozilla Firefox to the ESR 68.2 release:

  • Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page.

  • Various security fixes: MFSA 2019-33 (bsc#1154738)
    * CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
    * CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
    * CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
    * CVE-2019-11759: Stack buffer overflow in HKDF output
    * CVE-2019-11760: Stack buffer overflow in WebRTC networking
    * CVE-2019-11761: Unintended access to a privileged JSONView object
    * CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
    * CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
    * CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

Other Issues resolved:
  • [bsc#1104841] Newer versions of firefox have a dependency on GLIBCXX_3.4.20
  • [bsc#1074235] MozillaFirefox: background tab crash reports sent inadvertently without user opt-in
  • [bsc#1043008] Firefox hangs randomly when browsing and scrolling
  • [bsc#1025108] Firefox stops loading page until mouse is moved
  • [bsc#905528] Firefox malfunctions due to broken omni.ja archives

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-firefox-201910-14246=1

Package List:

  • SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
    • MozillaFirefox-68.2.0-78.51.4
    • MozillaFirefox-branding-SLED-68-21.9.8
    • MozillaFirefox-translations-common-68.2.0-78.51.4
    • MozillaFirefox-translations-other-68.2.0-78.51.4
    • firefox-atk-lang-2.26.1-2.8.4
    • firefox-gdk-pixbuf-lang-2.36.11-2.8.4
    • firefox-gdk-pixbuf-query-loaders-2.36.11-2.8.4
    • firefox-gdk-pixbuf-thumbnailer-2.36.11-2.8.4
    • firefox-gio-branding-upstream-2.54.3-2.14.7
    • firefox-glib2-lang-2.54.3-2.14.7
    • firefox-glib2-tools-2.54.3-2.14.7
    • firefox-gtk3-branding-upstream-3.10.9-2.15.3
    • firefox-gtk3-data-3.10.9-2.15.3
    • firefox-gtk3-immodule-amharic-3.10.9-2.15.3
    • firefox-gtk3-immodule-inuktitut-3.10.9-2.15.3
    • firefox-gtk3-immodule-multipress-3.10.9-2.15.3
    • firefox-gtk3-immodule-thai-3.10.9-2.15.3
    • firefox-gtk3-immodule-vietnamese-3.10.9-2.15.3
    • firefox-gtk3-immodule-xim-3.10.9-2.15.3
    • firefox-gtk3-immodules-tigrigna-3.10.9-2.15.3
    • firefox-gtk3-lang-3.10.9-2.15.3
    • firefox-gtk3-tools-3.10.9-2.15.3
    • firefox-libatk-1_0-0-2.26.1-2.8.4
    • firefox-libcairo-gobject2-1.15.10-2.13.4
    • firefox-libcairo2-1.15.10-2.13.4
    • firefox-libffi4-5.3.1+r233831-14.1
    • firefox-libffi7-3.2.1.git259-2.3.3
    • firefox-libgcc_s1-5.3.1+r233831-14.1
    • firefox-libgcc_s1-gcc8-8.2.1+r264010-2.5.1
    • firefox-libgdk_pixbuf-2_0-0-2.36.11-2.8.4
    • firefox-libgtk-3-0-3.10.9-2.15.3
    • firefox-libharfbuzz0-1.7.5-2.7.4
    • firefox-libpango-1_0-0-1.40.14-2.7.4
    • firefox-libstdc++6-5.3.1+r233831-14.1
    • firefox-libstdc++6-gcc8-8.2.1+r264010-2.5.1
    • libfirefox-gio-2_0-0-2.54.3-2.14.7
    • libfirefox-glib-2_0-0-2.54.3-2.14.7
    • libfirefox-gmodule-2_0-0-2.54.3-2.14.7
    • libfirefox-gobject-2_0-0-2.54.3-2.14.7
    • libfirefox-gthread-2_0-0-2.54.3-2.14.7
    • libfreebl3-3.45-38.9.3
    • libfreebl3-32bit-3.45-38.9.3
    • libsoftokn3-3.45-38.9.3
    • libsoftokn3-32bit-3.45-38.9.3
    • mozilla-nspr-32bit-4.21-29.6.1
    • mozilla-nspr-4.21-29.6.1
    • mozilla-nspr-devel-4.21-29.6.1
    • mozilla-nss-3.45-38.9.3
    • mozilla-nss-32bit-3.45-38.9.3
    • mozilla-nss-certs-3.45-38.9.3
    • mozilla-nss-certs-32bit-3.45-38.9.3
    • mozilla-nss-devel-3.45-38.9.3
    • mozilla-nss-tools-3.45-38.9.3
