rhsa-2019_1267
Vulnerability from csaf_redhat
Published
2019-05-23 15:53
Modified
2024-11-22 13:19
Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 60.7.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)
* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for firefox is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:1267", "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/" }, { "category": "external", "summary": "1672409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409" }, { "category": "external", "summary": "1676997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676997" }, { "category": "external", "summary": "1688200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688200" }, { "category": "external", "summary": "1712617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712617" }, { "category": "external", "summary": "1712618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712618" }, { "category": "external", "summary": "1712619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712619" }, { "category": "external", "summary": "1712621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712621" }, { "category": "external", "summary": "1712622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712622" }, { "category": "external", "summary": "1712623", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712623" }, { "category": "external", "summary": "1712625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712625" }, { "category": "external", "summary": "1712626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712626" }, { "category": "external", "summary": "1712628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712628" }, { "category": "external", "summary": "1712629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712629" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1267.json" } ], "title": "Red Hat Security Advisory: firefox security update", "tracking": { "current_release_date": "2024-11-22T13:19:41+00:00", "generator": { "date": "2024-11-22T13:19:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:1267", "initial_release_date": "2019-05-23T15:53:40+00:00", "revision_history": [ { "date": "2019-05-23T15:53:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-05-23T15:53:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T13:19:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "product": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "product_id": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@60.7.0-1.el6_10?arch=x86_64" } } }, { "category": "product_version", "name": "firefox-0:60.7.0-1.el6_10.x86_64", "product": { "name": "firefox-0:60.7.0-1.el6_10.x86_64", "product_id": "firefox-0:60.7.0-1.el6_10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@60.7.0-1.el6_10?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "product": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "product_id": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@60.7.0-1.el6_10?arch=i686" } } }, { "category": "product_version", "name": "firefox-0:60.7.0-1.el6_10.i686", "product": { "name": "firefox-0:60.7.0-1.el6_10.i686", "product_id": "firefox-0:60.7.0-1.el6_10.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@60.7.0-1.el6_10?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "firefox-0:60.7.0-1.el6_10.src", "product": { "name": "firefox-0:60.7.0-1.el6_10.src", "product_id": "firefox-0:60.7.0-1.el6_10.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@60.7.0-1.el6_10?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "product": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "product_id": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@60.7.0-1.el6_10?arch=s390x" } } }, { "category": "product_version", "name": "firefox-0:60.7.0-1.el6_10.s390x", "product": { "name": "firefox-0:60.7.0-1.el6_10.s390x", "product_id": "firefox-0:60.7.0-1.el6_10.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@60.7.0-1.el6_10?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "product": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "product_id": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@60.7.0-1.el6_10?arch=ppc64" } } }, { "category": "product_version", "name": "firefox-0:60.7.0-1.el6_10.ppc64", "product": { "name": "firefox-0:60.7.0-1.el6_10.ppc64", "product_id": "firefox-0:60.7.0-1.el6_10.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@60.7.0-1.el6_10?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Client-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Client-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Server-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Server-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src" }, "product_reference": "firefox-0:60.7.0-1.el6_10.src", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.i686", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "relates_to_product_reference": "6Workstation-optional-6.10.z" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)", "product_id": "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" }, "product_reference": "firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "relates_to_product_reference": "6Workstation-optional-6.10.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18511", "discovery_date": "2019-02-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1676997" } ], "notes": [ { "category": "description", "text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "mozilla: Cross-origin theft of images with ImageBitmapRenderingContext", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-18511" }, { "category": "external", "summary": "RHBZ#1676997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1676997" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-18511", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18511" } ], "release_date": "2019-02-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mozilla: Cross-origin theft of images with ImageBitmapRenderingContext" }, { "cve": "CVE-2019-5798", "discovery_date": "2019-03-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1688200" } ], "notes": [ { "category": "description", "text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "title": "Vulnerability description" }, { "category": "summary", "text": "chromium-browser: Out of bounds read in Skia", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-5798" }, { "category": "external", "summary": "RHBZ#1688200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-5798", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html" } ], "release_date": "2019-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "chromium-browser: Out of bounds read in Skia" }, { "cve": "CVE-2019-7317", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1672409" } ], "notes": [ { "category": "description", "text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.", "title": "Vulnerability description" }, { "category": "summary", "text": "libpng: use-after-free in png_image_free in png.c", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-7317" }, { "category": "external", "summary": "RHBZ#1672409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-7317", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317" } ], "release_date": "2019-01-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libpng: use-after-free in png_image_free in png.c" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "AaylaSecura1138" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9797", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712622" } ], "notes": [ { "category": "description", "text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Cross-origin theft of images with createImageBitmap", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9797" }, { "category": "external", "summary": "RHBZ#1712622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712622" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9797", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9797" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Cross-origin theft of images with createImageBitmap" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Olli Pettay", "Bogdan Tara", "Jan de Mooij", "Jason Kratzer", "Jan Varga", "Gary Kwong", "Tim Guan-tin Chien", "Tyson Smith", "Ronald Crane", "Ted Campbell" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9800", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712623" } ], "notes": [ { "category": "description", "text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9800" }, { "category": "external", "summary": "RHBZ#1712623", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712623" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9800", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9800" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9800", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9800" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Samuel Gro\u00df" ], "organization": "Google Project Zero", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9816", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712625" } ], "notes": [ { "category": "description", "text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Type confusion with object groups and UnboxedObjects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9816" }, { "category": "external", "summary": "RHBZ#1712625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712625" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9816", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9816" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9816", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9816" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Type confusion with object groups and UnboxedObjects" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Lu\u1eadt Nguy\u1ec5n" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9817", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712626" } ], "notes": [ { "category": "description", "text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Stealing of cross-domain images using canvas", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9817" }, { "category": "external", "summary": "RHBZ#1712626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9817", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9817" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9817", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9817" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Stealing of cross-domain images using canvas" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Nils" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9819", "cwe": { "id": "CWE-567", "name": "Unsynchronized Access to Shared Data in a Multithreaded Context" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712628" } ], "notes": [ { "category": "description", "text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Compartment mismatch with fetch API", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9819" }, { "category": "external", "summary": "RHBZ#1712628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712628" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9819", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9819" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9819", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9819" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Compartment mismatch with fetch API" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Nils" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-9820", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712629" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free of ChromeEventHandler by DocShell", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9820" }, { "category": "external", "summary": "RHBZ#1712629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9820", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9820" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9820", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9820" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Use-after-free of ChromeEventHandler by DocShell" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Nils" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-11691", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712617" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free in XMLHttpRequest", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11691" }, { "category": "external", "summary": "RHBZ#1712617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11691", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11691" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11691" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Use-after-free in XMLHttpRequest" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Nils" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-11692", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712618" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Use-after-free removing listeners in the event listener manager", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11692" }, { "category": "external", "summary": "RHBZ#1712618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11692", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11692" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Use-after-free removing listeners in the event listener manager" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "crixer" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-11693", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712619" } ], "notes": [ { "category": "description", "text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Buffer overflow in WebGL bufferdata on Linux", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11693" }, { "category": "external", "summary": "RHBZ#1712619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11693", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11693" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Mozilla: Buffer overflow in WebGL bufferdata on Linux" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] }, { "names": [ "Abdulrahman Alqabandi" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2019-11698", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1712621" } ], "notes": [ { "category": "description", "text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks", "title": "Vulnerability summary" }, { "category": "other", "text": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11698" }, { "category": "external", "summary": "RHBZ#1712621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11698", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11698" }, { "category": "external", "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698" } ], "release_date": "2019-05-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-23T15:53:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.", "product_ids": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:1267" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Client-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Client-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6ComputeNode-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6ComputeNode-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Server-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Server-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.src", "6Workstation-optional-6.10.z:firefox-0:60.7.0-1.el6_10.x86_64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.i686", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.ppc64", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.s390x", "6Workstation-optional-6.10.z:firefox-debuginfo-0:60.7.0-1.el6_10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.