Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-5798 (GCVE-0-2019-5798)
Vulnerability from cvelistv5 – Published: 2019-05-23 19:17 – Updated: 2024-08-04 20:09
VLAI
EPSS
Summary
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Severity
No CVSS data available.
CWE
- Out of bounds read
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2019/03/sta… | x_refsource_MISC |
| https://crbug.com/883596 | x_refsource_MISC |
| https://www.debian.org/security/2019/dsa-4451 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/May/67 | mailing-listx_refsource_BUGTRAQ |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3997-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:1310 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1308 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1309 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:22.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/883596"
},
{
"name": "DSA-4451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "prior to 73.0.3683.75"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-28T17:06:06.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/883596"
},
{
"name": "DSA-4451",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "prior to 73.0.3683.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"name": "https://crbug.com/883596",
"refsource": "MISC",
"url": "https://crbug.com/883596"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5798",
"datePublished": "2019-05-23T19:17:29.000Z",
"dateReserved": "2019-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:22.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-5798",
"date": "2026-05-29",
"epss": "0.01235",
"percentile": "0.79519"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-5798\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-05-23T20:29:01.047\",\"lastModified\":\"2024-11-21T04:45:30.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"La falta de comprobaci\u00f3n de l\u00edmites correcta en Skia en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una lectura de memoria fuera de l\u00edmites por medio de una p\u00e1gina HTML creada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"73.0.3683.75\",\"matchCriteriaId\":\"EA174888-9FEB-4029-8E0D-D6CFCF1A74F6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/883596\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/883596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/May/67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3997-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость графической библиотеки Skia браузера Google Chrome, связанная с чтением за границами буфера данных, позволяющая нарушителю получить несанкционированный доступ к информации
Description
Уязвимость графической библиотеки Skia браузера Google Chrome связана с чтением за границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации через специально созданную HTML-страницу
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», Google Inc, Mozilla Corp.
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Firefox ESR, Thunderbird
Software Version
6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), до 73.0.3683.75 (Google Chrome), до 60.7 (Firefox ESR), до 1:60.7.1-1 (Thunderbird)
Possible Mitigations
Использование рекомендаций производителя:
Для chromium:
Обновление программного обеспечения до 75.0.3770.90-1 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета chromium) до 73.0.3683.75-1~deb9u1 или более поздней версии
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
Для программных продуктов Novell Inc.
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/errata/RHSA-2019:1308
https://access.redhat.com/errata/RHSA-2019:1309
https://access.redhat.com/errata/RHSA-2019:1310
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-5798
https://security-tracker.debian.org/tracker/CVE-2019-5798
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
https://access.redhat.com/errata/RHSA-2019:1308
https://access.redhat.com/errata/RHSA-2019:1309
https://access.redhat.com/errata/RHSA-2019:1310
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, Mozilla Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 42.3 (OpenSUSE Leap), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 73.0.3683.75 (Google Chrome), \u0434\u043e 60.7 (Firefox ESR), \u0434\u043e 1:60.7.1-1 (Thunderbird)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f chromium:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 75.0.3770.90-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 chromium) \u0434\u043e 73.0.3683.75-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.05.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.02.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.02.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00687",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-5798",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Firefox ESR, Thunderbird",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Skia \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798\nhttps://security-tracker.debian.org/tracker/CVE-2019-5798\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html\nhttps://access.redhat.com/errata/RHSA-2019:1308\nhttps://access.redhat.com/errata/RHSA-2019:1309\nhttps://access.redhat.com/errata/RHSA-2019:1310",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CERTFR-2019-AVI-099
Vulnerability from certfr_avis - Published: 2019-03-13 - Updated: 2019-03-13
De multiples vulnérabilités ont été découvertes dans Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 73.0.3683.75",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5804"
},
{
"name": "CVE-2019-5799",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5799"
},
{
"name": "CVE-2019-5797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5797"
},
{
"name": "CVE-2019-5800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5800"
},
{
"name": "CVE-2019-5801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5801"
},
{
"name": "CVE-2019-5788",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5788"
},
{
"name": "CVE-2019-5792",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5792"
},
{
"name": "CVE-2019-5798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
},
{
"name": "CVE-2019-5787",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5787"
},
{
"name": "CVE-2019-5796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5796"
},
{
"name": "CVE-2019-5791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5791"
},
{
"name": "CVE-2019-5803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5803"
},
{
"name": "CVE-2019-5802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5802"
},
{
"name": "CVE-2019-5790",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5790"
},
{
"name": "CVE-2019-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5795"
},
{
"name": "CVE-2019-5794",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5794"
},
{
"name": "CVE-2019-5789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5789"
},
{
"name": "CVE-2019-5793",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5793"
}
],
"initial_release_date": "2019-03-13T00:00:00",
"last_revision_date": "2019-03-13T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-099",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Chrome. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Chrome du 12 mars 2019",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2019-AVI-236
Vulnerability from certfr_avis - Published: 2019-05-22 - Updated: 2019-05-22
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 67",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
},
{
"name": "CVE-2019-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
},
{
"name": "CVE-2019-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
},
{
"name": "CVE-2019-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
},
{
"name": "CVE-2019-9815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
},
{
"name": "CVE-2019-11701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11701"
},
{
"name": "CVE-2019-9818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2019-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11697"
},
{
"name": "CVE-2018-18511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
},
{
"name": "CVE-2019-5798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
},
{
"name": "CVE-2019-9817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
},
{
"name": "CVE-2019-9819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
},
{
"name": "CVE-2019-9814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9814"
},
{
"name": "CVE-2019-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11695"
},
{
"name": "CVE-2019-9816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
},
{
"name": "CVE-2019-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
},
{
"name": "CVE-2019-11699",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11699"
},
{
"name": "CVE-2019-11700",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11700"
},
{
"name": "CVE-2019-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
},
{
"name": "CVE-2019-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
},
{
"name": "CVE-2019-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11696"
},
{
"name": "CVE-2019-9797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
},
{
"name": "CVE-2019-9821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9821"
}
],
"initial_release_date": "2019-05-22T00:00:00",
"last_revision_date": "2019-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-236",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-13 du 21 mai 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-14 du 21 mai 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/"
}
]
}
CERTFR-2019-AVI-237
Vulnerability from certfr_avis - Published: 2019-05-23 - Updated: 2019-05-23
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 60.7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 60.7",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11692"
},
{
"name": "CVE-2019-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11693"
},
{
"name": "CVE-2019-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11694"
},
{
"name": "CVE-2019-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11691"
},
{
"name": "CVE-2019-9815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9815"
},
{
"name": "CVE-2019-9818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9818"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2018-18511",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18511"
},
{
"name": "CVE-2019-5798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5798"
},
{
"name": "CVE-2019-9817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9817"
},
{
"name": "CVE-2019-9819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9819"
},
{
"name": "CVE-2019-9816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9816"
},
{
"name": "CVE-2019-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11698"
},
{
"name": "CVE-2019-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9820"
},
{
"name": "CVE-2019-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9800"
},
{
"name": "CVE-2019-9797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9797"
}
],
"initial_release_date": "2019-05-23T00:00:00",
"last_revision_date": "2019-05-23T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-237",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2019-15 du 21 mai 2019",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/"
}
]
}
Title
Google Chrome越界读取漏洞(CNVD-2019-23139)
Description
Chrome是由谷歌开发的一款Web浏览工具。
Google Chrome 73.0.3683.75之前版本中的Skia存在越界读取漏洞。攻击者可利用该漏洞通过精心设计的HTML页面执行越界内存读取。
Severity
中
Patch Name
Google Chrome越界读取漏洞(CNVD-2019-23139)的补丁
Patch Description
Chrome是由谷歌开发的一款设计简单、高效的Web浏览工具,其特点是简洁、快速。
Google Chrome 73.0.3683.75之前版本中的Skia存在越界读取漏洞。攻击者可利用该漏洞通过精心设计的HTML页面执行越界内存读取。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://www.google.com/intl/zh-CN_ALL/chrome/
Reference
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Impacted products
| Name | Google, Inc. Chrome <73.0.3683.75 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-5798"
}
},
"description": "Chrome\u662f\u7531\u8c37\u6b4c\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5de5\u5177\u3002\n\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6267\u884c\u8d8a\u754c\u5185\u5b58\u8bfb\u53d6\u3002",
"discovererName": "security",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.google.com/intl/zh-CN_ALL/chrome/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-23139",
"openTime": "2019-07-17",
"patchDescription": "Chrome\u662f\u7531\u8c37\u6b4c\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u4e2d\u7684Skia\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6267\u884c\u8d8a\u754c\u5185\u5b58\u8bfb\u53d6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2019-23139\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google, Inc. Chrome \u003c73.0.3683.75"
},
"referenceLink": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"serverity": "\u4e2d",
"submitTime": "2019-03-13",
"title": "Google Chrome\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\uff08CNVD-2019-23139\uff09"
}
FKIE_CVE-2019-5798
Vulnerability from fkie_nvd - Published: 2019-05-23 20:29 - Updated: 2024-11-21 04:45
Severity
Summary
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| suse | package_hub | - | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| opensuse | backports | sle-15 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 42.3 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6",
"versionEndExcluding": "73.0.3683.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
},
{
"lang": "es",
"value": "La falta de comprobaci\u00f3n de l\u00edmites correcta en Skia en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una lectura de memoria fuera de l\u00edmites por medio de una p\u00e1gina HTML creada."
}
],
"id": "CVE-2019-5798",
"lastModified": "2024-11-21T04:45:30.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-23T20:29:01.047",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/883596"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/883596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4451"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3R7C-93GC-73GW
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-10-11 19:00
VLAI
Details
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-5798"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-23T20:29:00Z",
"severity": "MODERATE"
},
"details": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GHSA-3r7c-93gc-73gw",
"modified": "2022-10-11T19:00:48Z",
"published": "2022-05-24T16:46:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5798"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"type": "WEB",
"url": "https://crbug.com/883596"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3997-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-5798
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-5798",
"description": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GSD-2019-5798",
"references": [
"https://www.suse.com/security/cve/CVE-2019-5798.html",
"https://www.debian.org/security/2019/dsa-4451",
"https://www.debian.org/security/2019/dsa-4448",
"https://www.debian.org/security/2019/dsa-4421",
"https://access.redhat.com/errata/RHSA-2019:1310",
"https://access.redhat.com/errata/RHSA-2019:1309",
"https://access.redhat.com/errata/RHSA-2019:1308",
"https://access.redhat.com/errata/RHSA-2019:1269",
"https://access.redhat.com/errata/RHSA-2019:1267",
"https://access.redhat.com/errata/RHSA-2019:1265",
"https://access.redhat.com/errata/RHSA-2019:0708",
"https://ubuntu.com/security/CVE-2019-5798",
"https://advisories.mageia.org/CVE-2019-5798.html",
"https://security.archlinux.org/CVE-2019-5798",
"https://linux.oracle.com/cve/CVE-2019-5798.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-5798"
],
"details": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GSD-2019-5798",
"modified": "2023-12-13T01:23:56.786685Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "prior to 73.0.3683.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"name": "https://crbug.com/883596",
"refsource": "MISC",
"url": "https://crbug.com/883596"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "73.0.3683.75",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5798"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/883596",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://crbug.com/883596"
},
{
"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4451",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"refsource": "BUGTRAQ",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"name": "USN-3997-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"name": "openSUSE-SU-2019:1484",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"name": "RHSA-2019:1310",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"name": "RHSA-2019:1309",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"name": "RHSA-2019:1308",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"name": "openSUSE-SU-2019:1534",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"name": "openSUSE-SU-2019:1664",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-11T14:30Z",
"publishedDate": "2019-05-23T20:29Z"
}
}
}
OPENSUSE-SU-2019:1062-1
Vulnerability from csaf_opensuse - Published: 2019-03-28 05:34 - Updated: 2019-03-28 05:34Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium to version 73.0.3683.75 fixes the following issues:
Security issues fixed (bsc#1129059):
- CVE-2019-5787: Fixed a use after free in Canvas.
- CVE-2019-5788: Fixed a use after free in FileAPI.
- CVE-2019-5789: Fixed a use after free in WebMIDI.
- CVE-2019-5790: Fixed a heap buffer overflow in V8.
- CVE-2019-5791: Fixed a type confusion in V8.
- CVE-2019-5792: Fixed an integer overflow in PDFium.
- CVE-2019-5793: Fixed excessive permissions for private API in Extensions.
- CVE-2019-5794: Fixed security UI spoofing.
- CVE-2019-5795: Fixed an integer overflow in PDFium.
- CVE-2019-5796: Fixed a race condition in Extensions.
- CVE-2019-5797: Fixed a race condition in DOMStorage.
- CVE-2019-5798: Fixed an out of bounds read in Skia.
- CVE-2019-5799: Fixed a CSP bypass with blob URL.
- CVE-2019-5800: Fixed a CSP bypass with blob URL.
- CVE-2019-5801: Fixed an incorrect Omnibox display on iOS.
- CVE-2019-5802: Fixed security UI spoofing.
- CVE-2019-5803: Fixed a CSP bypass with Javascript URLs'.
- CVE-2019-5804: Fixed a command line injection on Windows.
Release notes: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Patchnames: openSUSE-2019-1062
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
60 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium to version 73.0.3683.75 fixes the following issues:\n\nSecurity issues fixed (bsc#1129059): \n\n- CVE-2019-5787: Fixed a use after free in Canvas.\n- CVE-2019-5788: Fixed a use after free in FileAPI.\n- CVE-2019-5789: Fixed a use after free in WebMIDI.\n- CVE-2019-5790: Fixed a heap buffer overflow in V8.\n- CVE-2019-5791: Fixed a type confusion in V8.\n- CVE-2019-5792: Fixed an integer overflow in PDFium.\n- CVE-2019-5793: Fixed excessive permissions for private API in Extensions.\n- CVE-2019-5794: Fixed security UI spoofing.\n- CVE-2019-5795: Fixed an integer overflow in PDFium.\n- CVE-2019-5796: Fixed a race condition in Extensions.\n- CVE-2019-5797: Fixed a race condition in DOMStorage.\n- CVE-2019-5798: Fixed an out of bounds read in Skia.\n- CVE-2019-5799: Fixed a CSP bypass with blob URL.\n- CVE-2019-5800: Fixed a CSP bypass with blob URL.\n- CVE-2019-5801: Fixed an incorrect Omnibox display on iOS.\n- CVE-2019-5802: Fixed security UI spoofing.\n- CVE-2019-5803: Fixed a CSP bypass with Javascript URLs\u0027.\n- CVE-2019-5804: Fixed a command line injection on Windows.\n\nRelease notes: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1062",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1062-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1062-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEJ3CRVCTM23JSBBSLBH5OMPDHJF2SQK/#UEJ3CRVCTM23JSBBSLBH5OMPDHJF2SQK"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1062-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UEJ3CRVCTM23JSBBSLBH5OMPDHJF2SQK/#UEJ3CRVCTM23JSBBSLBH5OMPDHJF2SQK"
},
{
"category": "self",
"summary": "SUSE Bug 1129059",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5787 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5787/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5788 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5788/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5789 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5789/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5790 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5791 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5792 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5793 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5794 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5795 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5796 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5799 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5801 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5802 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5803 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5804 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5804/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-03-28T05:34:45Z",
"generator": {
"date": "2019-03-28T05:34:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1062-1",
"initial_release_date": "2019-03-28T05:34:45Z",
"revision_history": [
{
"date": "2019-03-28T05:34:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"product": {
"name": "chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"product_id": "chromedriver-73.0.3683.75-lp150.206.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-73.0.3683.75-lp150.206.1.x86_64",
"product": {
"name": "chromium-73.0.3683.75-lp150.206.1.x86_64",
"product_id": "chromium-73.0.3683.75-lp150.206.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-73.0.3683.75-lp150.206.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64"
},
"product_reference": "chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-73.0.3683.75-lp150.206.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
},
"product_reference": "chromium-73.0.3683.75-lp150.206.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-5787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5787"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5787",
"url": "https://www.suse.com/security/cve/CVE-2019-5787"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5787",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "critical"
}
],
"title": "CVE-2019-5787"
},
{
"cve": "CVE-2019-5788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5788"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5788",
"url": "https://www.suse.com/security/cve/CVE-2019-5788"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5788",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "critical"
}
],
"title": "CVE-2019-5788"
},
{
"cve": "CVE-2019-5789",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5789"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5789",
"url": "https://www.suse.com/security/cve/CVE-2019-5789"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5789",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "critical"
}
],
"title": "CVE-2019-5789"
},
{
"cve": "CVE-2019-5790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5790"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5790",
"url": "https://www.suse.com/security/cve/CVE-2019-5790"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5790",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5790"
},
{
"cve": "CVE-2019-5791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5791"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5791",
"url": "https://www.suse.com/security/cve/CVE-2019-5791"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5791",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5791"
},
{
"cve": "CVE-2019-5792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5792"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5792",
"url": "https://www.suse.com/security/cve/CVE-2019-5792"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5792",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5792"
},
{
"cve": "CVE-2019-5793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5793"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5793",
"url": "https://www.suse.com/security/cve/CVE-2019-5793"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5793",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5793"
},
{
"cve": "CVE-2019-5794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5794"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5794",
"url": "https://www.suse.com/security/cve/CVE-2019-5794"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5794",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5794"
},
{
"cve": "CVE-2019-5795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5795"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5795",
"url": "https://www.suse.com/security/cve/CVE-2019-5795"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5795",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5795"
},
{
"cve": "CVE-2019-5796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5796"
}
],
"notes": [
{
"category": "general",
"text": "Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5796",
"url": "https://www.suse.com/security/cve/CVE-2019-5796"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5796",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5796"
},
{
"cve": "CVE-2019-5797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5797"
}
],
"notes": [
{
"category": "general",
"text": "Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5797",
"url": "https://www.suse.com/security/cve/CVE-2019-5797"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5797",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "important"
}
],
"title": "CVE-2019-5797"
},
{
"cve": "CVE-2019-5798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5798"
}
],
"notes": [
{
"category": "general",
"text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5798",
"url": "https://www.suse.com/security/cve/CVE-2019-5798"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5798"
},
{
"cve": "CVE-2019-5799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5799"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect inheritance of a new document\u0027s policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5799",
"url": "https://www.suse.com/security/cve/CVE-2019-5799"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5799",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5799"
},
{
"cve": "CVE-2019-5800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5800"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5800",
"url": "https://www.suse.com/security/cve/CVE-2019-5800"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5800",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5800"
},
{
"cve": "CVE-2019-5801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5801"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5801",
"url": "https://www.suse.com/security/cve/CVE-2019-5801"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5801",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5801"
},
{
"cve": "CVE-2019-5802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5802"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5802",
"url": "https://www.suse.com/security/cve/CVE-2019-5802"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5802",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5802"
},
{
"cve": "CVE-2019-5803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5803"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5803",
"url": "https://www.suse.com/security/cve/CVE-2019-5803"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5803",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5803"
},
{
"cve": "CVE-2019-5804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5804"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5804",
"url": "https://www.suse.com/security/cve/CVE-2019-5804"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5804",
"url": "https://bugzilla.suse.com/1129059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-73.0.3683.75-lp150.206.1.x86_64",
"openSUSE Leap 15.0:chromium-73.0.3683.75-lp150.206.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-28T05:34:45Z",
"details": "moderate"
}
],
"title": "CVE-2019-5804"
}
]
}
OPENSUSE-SU-2019:1534-1
Vulnerability from csaf_opensuse - Published: 2019-06-10 09:32 - Updated: 2019-06-10 09:32Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):
* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11691: Use-after-free in XMLHttpRequest
* CVE-2019-11692: Use-after-free removing listeners in the event listener manager
* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-5798: Out-of-bounds read in Skia
* CVE-2019-7317: Use-after-free in png_image_free of libpng library
* CVE-2019-9797: Cross-origin theft of images with createImageBitmap
* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816: Type confusion with object groups and UnboxedObjects
* CVE-2019-9817: Stealing of cross-domain images using canvas
* CVE-2019-9818: (Windows only) Use-after-free in crash generation server
* CVE-2019-9819: Compartment mismatch with fetch API
* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821: Use-after-free in AssertWorkerThread
Patchnames: openSUSE-2019-1534
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nMozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14):\n\n* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n* CVE-2019-11691: Use-after-free in XMLHttpRequest\n* CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n* CVE-2019-5798: Out-of-bounds read in Skia\n* CVE-2019-7317: Use-after-free in png_image_free of libpng library\n* CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n* CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n* CVE-2019-9817: Stealing of cross-domain images using canvas\n* CVE-2019-9818: (Windows only) Use-after-free in crash generation server\n* CVE-2019-9819: Compartment mismatch with fetch API\n* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n* CVE-2019-9821: Use-after-free in AssertWorkerThread\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1534",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1534-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1534-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7/#YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1534-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7/#YRJRSOQJ2HUXLMXMB5IAGC7CGYVG6MJ7"
},
{
"category": "self",
"summary": "SUSE Bug 1135824",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18511 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11691 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11692 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5798 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7317 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9797 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9800 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9815 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9816 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9817 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9818 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9819 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9820 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9821 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9821/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2019-06-10T09:32:29Z",
"generator": {
"date": "2019-06-10T09:32:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1534-1",
"initial_release_date": "2019-06-10T09:32:29Z",
"revision_history": [
{
"date": "2019-06-10T09:32:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"product_id": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-18511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18511"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox \u003c 65.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18511",
"url": "https://www.suse.com/security/cve/CVE-2018-18511"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1125396"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2018-18511",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2018-18511"
},
{
"cve": "CVE-2019-11691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11691"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11691",
"url": "https://www.suse.com/security/cve/CVE-2019-11691"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11691",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11691"
},
{
"cve": "CVE-2019-11692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11692"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11692",
"url": "https://www.suse.com/security/cve/CVE-2019-11692"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11692",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11692"
},
{
"cve": "CVE-2019-11693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11693"
}
],
"notes": [
{
"category": "general",
"text": "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11693",
"url": "https://www.suse.com/security/cve/CVE-2019-11693"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11693",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11693"
},
{
"cve": "CVE-2019-11694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11694"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11694",
"url": "https://www.suse.com/security/cve/CVE-2019-11694"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11694",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11694"
},
{
"cve": "CVE-2019-11698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11698"
}
],
"notes": [
{
"category": "general",
"text": "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user\u0027s browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11698",
"url": "https://www.suse.com/security/cve/CVE-2019-11698"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-11698",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-11698"
},
{
"cve": "CVE-2019-5798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5798"
}
],
"notes": [
{
"category": "general",
"text": "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5798",
"url": "https://www.suse.com/security/cve/CVE-2019-5798"
},
{
"category": "external",
"summary": "SUSE Bug 1129059 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1129059"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-5798",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-5798"
},
{
"cve": "CVE-2019-7317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7317"
}
],
"notes": [
{
"category": "general",
"text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7317",
"url": "https://www.suse.com/security/cve/CVE-2019-7317"
},
{
"category": "external",
"summary": "SUSE Bug 1124211 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1124211"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1135824"
},
{
"category": "external",
"summary": "SUSE Bug 1141780 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1141780"
},
{
"category": "external",
"summary": "SUSE Bug 1147021 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1147021"
},
{
"category": "external",
"summary": "SUSE Bug 1165297 for CVE-2019-7317",
"url": "https://bugzilla.suse.com/1165297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2019-7317"
},
{
"cve": "CVE-2019-9797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9797"
}
],
"notes": [
{
"category": "general",
"text": "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox \u003c 66.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9797",
"url": "https://www.suse.com/security/cve/CVE-2019-9797"
},
{
"category": "external",
"summary": "SUSE Bug 1129821 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1129821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9797",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9797"
},
{
"cve": "CVE-2019-9800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9800"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9800",
"url": "https://www.suse.com/security/cve/CVE-2019-9800"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9800",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9800"
},
{
"cve": "CVE-2019-9815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9815"
}
],
"notes": [
{
"category": "general",
"text": "If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9815",
"url": "https://www.suse.com/security/cve/CVE-2019-9815"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9815",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9815"
},
{
"cve": "CVE-2019-9816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9816"
}
],
"notes": [
{
"category": "general",
"text": "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9816",
"url": "https://www.suse.com/security/cve/CVE-2019-9816"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9816",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9816"
},
{
"cve": "CVE-2019-9817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9817"
}
],
"notes": [
{
"category": "general",
"text": "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9817",
"url": "https://www.suse.com/security/cve/CVE-2019-9817"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9817",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9817"
},
{
"cve": "CVE-2019-9818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9818"
}
],
"notes": [
{
"category": "general",
"text": "A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9818",
"url": "https://www.suse.com/security/cve/CVE-2019-9818"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9818",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9818"
},
{
"cve": "CVE-2019-9819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9819"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9819",
"url": "https://www.suse.com/security/cve/CVE-2019-9819"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9819",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9819"
},
{
"cve": "CVE-2019-9820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9820"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.7, Firefox \u003c 67, and Firefox ESR \u003c 60.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9820",
"url": "https://www.suse.com/security/cve/CVE-2019-9820"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9820",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9820"
},
{
"cve": "CVE-2019-9821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9821"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 67.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9821",
"url": "https://www.suse.com/security/cve/CVE-2019-9821"
},
{
"category": "external",
"summary": "SUSE Bug 1135824 for CVE-2019-9821",
"url": "https://bugzilla.suse.com/1135824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:MozillaFirefox-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-branding-upstream-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-buildsymbols-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-devel-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-common-60.7.0-lp150.3.54.5.x86_64",
"openSUSE Leap 15.0:MozillaFirefox-translations-other-60.7.0-lp150.3.54.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-10T09:32:29Z",
"details": "important"
}
],
"title": "CVE-2019-9821"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…