rpm package
suse/MozillaFirefox&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP1
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Vulnerabilities (165)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11727 | — | | | < 68.1.0-3.54.2 | 68.1.0-3.54.2 | Jul 23, 2019 | A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag |
| CVE-2019-11728 | — | | | < 68.1.0-3.54.2 | 68.1.0-3.54.2 | Jul 23, 2019 | The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. |
| CVE-2019-11729 | — | | | < 60.8.0-3.51.4 | 60.8.0-3.51.4 | Jul 23, 2019 | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
| CVE-2019-11730 | — | | | < 60.8.0-3.51.4 | 60.8.0-3.51.4 | Jul 23, 2019 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these |
| CVE-2019-7317 | — | | | < 60.7.0-3.40.6 | 60.7.0-3.40.6 | Feb 4, 2019 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |