Bug 1130262 - (CVE-2019-9810) VUL-0: CVE-2019-9810,CVE-2019-9813: MozillaFirefox: 66.0.1 / 60.6.1 ESR releases (MFSA2019-09, MFSA2019-10)
(CVE-2019-9810)
VUL-0: CVE-2019-9810,CVE-2019-9813: MozillaFirefox: 66.0.1 / 60.6.1 ESR relea...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Charles Robertson
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-22 21:59 UTC by Andreas Stieger
Modified: 2022-04-01 10:36 UTC (History)
3 users (show)

See Also:
Found By: Community User
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2019-03-22 21:59:36 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/

Fixed in Mozilla Firefox 66.0.1, 60.6.1 ESR:

* CVE-2019-9810 bmo#1537924
  IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813 bmo#1538006
  Ionmonkey type confusion with __proto__ mutations
Comment 1 Swamp Workflow Management 2019-03-22 22:50:10 UTC
This is an autogenerated message for OBS integration:
This bug (1130262) was mentioned in
https://build.opensuse.org/request/show/687817 42.3 / MozillaFirefox
https://build.opensuse.org/request/show/687818 15.0 / MozillaFirefox
Comment 3 Swamp Workflow Management 2019-03-27 11:10:43 UTC
openSUSE-SU-2019:1056-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1129821,1130262
CVE References: CVE-2018-18506,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9810,CVE-2019-9813
Sources used:
openSUSE Leap 42.3 (src):    MozillaFirefox-60.6.1-135.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2019-03-27 16:50:11 UTC
This is an autogenerated message for OBS integration:
This bug (1130262) was mentioned in
https://build.opensuse.org/request/show/689125 Factory / MozillaFirefox
https://build.opensuse.org/request/show/689134 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/689135 42.3 / MozillaThunderbird
https://build.opensuse.org/request/show/689136 15.0 / MozillaThunderbird
Comment 5 Swamp Workflow Management 2019-03-27 18:10:12 UTC
This is an autogenerated message for OBS integration:
This bug (1130262) was mentioned in
https://build.opensuse.org/request/show/689153 Backports:SLE-12 / MozillaThunderbird
Comment 7 Swamp Workflow Management 2019-03-28 11:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (1130262) was mentioned in
https://build.opensuse.org/request/show/689295 Factory / MozillaFirefox
Comment 8 Swamp Workflow Management 2019-03-29 11:20:30 UTC
openSUSE-SU-2019:1077-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1129821,1130262
CVE References: CVE-2018-18506,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9810,CVE-2019-9813
Sources used:
openSUSE Leap 15.0 (src):    MozillaFirefox-60.6.1-lp150.3.45.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-03-30 12:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1130262) was mentioned in
https://build.opensuse.org/request/show/690057 Factory / MozillaFirefox
Comment 10 Swamp Workflow Management 2019-04-03 10:12:33 UTC
openSUSE-SU-2019:1126-1: An update that fixes 13 vulnerabilities is now available.

Category: security (critical)
Bug References: 1129821,1130262
CVE References: CVE-2018-18506,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-60.6.1-82.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2019-04-03 13:14:06 UTC
SUSE-SU-2019:0852-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1125330,1127987,1129821,1130262
CVE References: CVE-2018-18335,CVE-2018-18356,CVE-2018-18506,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813
Sources used:
SUSE OpenStack Cloud 7 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-SP4 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-SP3 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Server 12-LTSS (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    MozillaFirefox-60.6.1esr-109.63.2
SUSE Enterprise Storage 4 (src):    MozillaFirefox-60.6.1esr-109.63.2

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2019-04-03 13:15:18 UTC
SUSE-SU-2019:0853-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1125330,1129821,1130262
CVE References: CVE-2018-18335,CVE-2018-18356,CVE-2018-18506,CVE-2018-18509,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    MozillaThunderbird-60.6.1-3.28.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-04-04 16:11:35 UTC
SUSE-SU-2019:0871-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1125330,1127987,1129821,1130262
CVE References: CVE-2018-18335,CVE-2018-18356,CVE-2018-18506,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    MozillaFirefox-60.6.1-3.29.3
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    MozillaFirefox-60.6.1-3.29.3

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-04-04 19:10:51 UTC
openSUSE-SU-2019:1152-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1129821,1130262
CVE References: CVE-2019-9810,CVE-2019-9813
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-60.6.1-89.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-04-05 19:26:55 UTC
openSUSE-SU-2019:1162-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 1125330,1129821,1130262
CVE References: CVE-2018-18335,CVE-2018-18356,CVE-2018-18506,CVE-2018-18509,CVE-2019-5785,CVE-2019-9788,CVE-2019-9790,CVE-2019-9791,CVE-2019-9792,CVE-2019-9793,CVE-2019-9794,CVE-2019-9795,CVE-2019-9796,CVE-2019-9801,CVE-2019-9810,CVE-2019-9813
Sources used:
openSUSE Leap 15.0 (src):    MozillaThunderbird-60.6.1-lp150.3.37.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 18 Marcus Meissner 2019-07-18 08:39:56 UTC
released