Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.2388
firefox-esr security update
2 July 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: firefox-esr
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11708
Reference: ESB-2019.2385
ESB-2019.2327
ESB-2019.2291
ESB-2019.2289
Original Bulletin:
http://www.debian.org/security/2019/dsa-4474
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4474-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2019 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2019-11708
A sandbox escape was found in the Mozilla Firefox web browser, which
could potentially result in the execution of arbitrary code if
combined with additional vulnerabilities.
For the stable distribution (stretch), this problem has been fixed in
version 60.7.2esr-1~deb9u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0adRcACgkQEMKTtsN8
TjYKHBAApN416auBff8xAHuH0T/bIXuhuYbc+OGXJl+zg8dYdFsZZNUHjmqdIRaz
09tWCIASa/eBW3Q0jWPoTus6cjwLPKqdhgbO5FusjBAqxEF84EBByzx/JCsMV2EO
HhWk33b7eRI+LvFiAUWwbNhrz7tE0PlMdg9WHXFY4kWXds7ra9ubS9Fuz50Vyvca
3szzeKsyOO6FPScjc7jDAL3UNKisywBQqm1eXiHrgQFYCdQapqJ0zQYHwD0PvwKi
WQbW6eeX+omLIS28eeSpausOLcaztUGtcdBNkgIjS/BM8EyDlHWm2r+ICOgZ4PGO
ykvR6UvJvE6LX/NIlDaK2QrZHoB94IvFfAsg8T4jVfSTFHW/HvT91+3lT326ugvR
mwB5SttnwBbikJp+Z7h5xG9FxhkWrJ1u1BaC6K+hUhXHP7cnN43Xq34IH1dG5zUx
LjDu0HN8dBcOzuohC4vA6aQWkxa1pNG1XWLbxKKVrSO1ocfoqFBzDmiAT64nR5KM
Q4eIQx4BjUzVKgdE8wMy5AiHbbQ+hjVOhJA+gdfrbQWFlCuWKpK+6Zer76hxbVeI
GcOXTLXAwTnfm5hlkf8yO1wobe5I4hqQRWcCyqDd0/l4R6mdnHr+ja8m0WiQfK70
pgkG3KqeO7+qNpteLdIjMUYxKvLFZH2/OvgfLZH7dAR97pfjW6c=
=uXCj
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXRqsc2aOgq3Tt24GAQjtABAAmBHStlETD3tBt7BVRnnTQkkDvat4ccsx
D+uqCnhGrI7JkzQY9PLtwKxSaPcyJiLesRVCJSUejPZGDLkU3p2KneYyjC53AMTI
Ew5tDEPpIQTU069KhbtPy4KAjE+G1yZgG0/qBQd0OaHi9dIouzGmSX0H9C77iaO2
gZKP7nzDNuwul4FAw2qYlvIGAvm8Nah2W8YTKyC/vxQrerYUu83ZlAjfOwt73AXQ
+QY6R2PQTsxQTgt/3eVuMiK0QiXa8ReCypBrOij5N6KmjtKELPocbgyjQ4y1U1Vd
Ih8JiktfTMriTRyQzFqod+FNVzfKR9VfXuc1mpLc3O005d5olKVxcFbSiFB2iWqe
4igay8q6s6gjR6K0WKK9uFzDMqgs0yrlDRiQgQuVsMJ2v3RXNQWobEKmOezIbIbz
iu7YrpaoQI0L4NUemixcR8vEA1hdti6B6MB9zPMhSnNZfWXFYssomqp3VKhjMJwi
tWQgAqPS2rbb38DrCe8G5q6G8zLYpYtyiXWi28moyMzeEBQv6p9LtuajNXz5gNgF
EtdwAurvLF9MXYc3TlhfT63eQ+KISmZ7mH/jiFGuNvMaHfbFRmnlnlkP11WM7J+d
qf0FdbIQNuAjUrMZROpSNcmmDjBd0JlDjUoER29EKtmyYF+L7AHRqOuR+siBgmg9
N2w8mLWXGVI=
=CrUd
-----END PGP SIGNATURE-----