-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1841.2
                        firefox-esr security update
                                24 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11698 CVE-2019-11693 CVE-2019-11692
                   CVE-2019-11691 CVE-2019-9820 CVE-2019-9819
                   CVE-2019-9817 CVE-2019-9816 CVE-2019-9800
                   CVE-2019-9797 CVE-2019-7317 CVE-2019-5798
                   CVE-2018-18511  

Reference:         ASB-2019.0082
                   ESB-2019.1821
                   ESB-2019.1815

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4448

Comment: This bulletin contains two (2) Debian security advisories.

Revision History:  May 24 2019: Added Debian 8 update
                   May 23 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4448-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 22, 2019                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2018-18511 CVE-2019-5798  CVE-2019-7317  CVE-2019-9797 
                 CVE-2019-9800  CVE-2019-9816  CVE-2019-9817  CVE-2019-9819 
                 CVE-2019-9820  CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 
                 CVE-2019-11698

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 60.7.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzlvbsACgkQEMKTtsN8
Tjbjdw//SFhYHCEUthqN3/dLBiaxWDgroWKROjsm13N+83Tc859m5oGFutT1X5Ry
C57MaxZ6Jfv5lh2jnIzFbOOTc3iMZak5NhhvMeq/SK9FlR/IqZ3wXIzUELBC8o3v
iEXZfD6MDycNnlhe4034zzwevxy4+/olXk1mU9ePsoO3LWkFIFRpkE5EhV+5ZIUh
OPadgArSzVe2mS/+HpIAzAaJHii8fe3PmUprYzf1rNReR7NfA21mZtHiD/X57Sq4
NT6st/W8aqEblc57fcAMJJve3H7lvbPqB7GPoVsFhIauHV6Sa6/ks8cyqMiF5KLj
dz7DSAFkdpd0cRF/94jWy13dzeZ3+koH4M4pdqk41R3Cb4VixNdBxMsJKsn25efE
AbR/6rF6IFmWe0PswyHHPmwsd/+5w2r5Az/mlQn/3vVtVL8XoZLpGrLx4WT03Fi7
c9Ax/TniB/tAVseR7SkaawuvAzCtN9RtQ/7q7z9jEvSZV6AgYsQzQuCzn/jHXGuq
Ay3coWxRAFBHTE4HgFrZRtZmRuoZ2lMIoN+jYiicZ9UAG5IXVexo9JWZGWR1QWnS
U3AwK0Qi7firv3/lz3IgTdAdwK/P38nfVRtQmtZfnsk6wCDDp7F67Fb1kH4ZXPUl
0DjtVTaxSXqtsqDXhx6jS26w9n9NThax2+JRpdcAnDx5gyCu1zo=
=r0k3
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------

- ----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : firefox-esr
Version        : 60.7.0esr-1~deb8u1
CVE ID         : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
                 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
                 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
                 CVE-2019-11698

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
60.7.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlzmapAACgkQnUbEiOQ2
gwKVFw/+IIgOR6VqEeqH4Wdylmgs+m8AL2TJu77QzW04+QigCz3U3FpuNr2GseJ3
18gCGdXyRd4uhkCLfn84sFq4CULJYp0a5kb3tFhq/5KlL1mO32bvqWRZvEyg2kdg
L0H9tLCQ+FJp8Fc/2rP0PBul3Z5SnHmv4ql7vT/dINcHhRldtF6t/bzInxQZNOIp
s2AwfjHzvQ/VpHIUTBtMKJFPMI0SplNiCRqd4QmWk0Mnx8yOLPP+gW1XVBWhVUnJ
1eNs5Noe1X2Ac+tsgTZ62YSqKDJg7eSl4G7JVoFqCKyImIshJxPlq3GcYPZa07ZQ
+sfnBKMkERKlWN00DzDXjlc5RgDWlC0HJ83wEbfXvPCn9Qi/eLbY8CFWVTFXUdYI
1UXDz5GdSN4oMAXWp4ZvMp6TDvw/hCjkFXGzInsh9hhEnuXbhq8VJCYX8Ji+CNCO
fTxruT2bwu1jT8250PwdK2F417yTYg38oAbx9L16xfyj53kL8d/FfbU5tX5q+mfy
jl8PtLn8P4m5iYetlIVzF33rMRFPZNnfJD4RybFTiUKlTsiby2UEaxT0qwHpPUjp
T4uruWm45wybbIptPLUQan/Mdx8XHRufvv8IByPPIHfF+PhjbSu0G+C82cKe4etn
4MtJK83fNjRB/e/D6oK6lVyPZFjSsxRIdNinyqoCsfyd6mVo/mE=
=0sV4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXOcgwGaOgq3Tt24GAQiu/Q/+OpJgbBhQFNvbdTQhAitK/s6VlMd7X9FW
8sDE/0uMRf+83sW1VrmrklA5KovkAvhwt0EOSFjBbEiYTQYOfSh7Vs+SdsHx0dLd
EB/iLKizACzXvp7oN3O6E3YSxiMtdSbAPl0SFaqLrjBUTfC1k9xwoXuUXaKR1yXi
vHHubf5MS64H6IFp2sn0j0aCxwvu4xfP32yBydafRsg/A+IlBSIo9cCgyiij5UfV
UFH2XVwyl3GiKIjhX61nWANLPmnD88TXzhUT++DOR/CL9PrUcVfXSiAsDUf0Ezor
7uij9D/fRnpLbcYBJqJ6wyeIOePktE9BwKAdXIx/rE0cx2ckDwiLQCdgLAy0csy0
lgBnD2bb6xrUcLgC1MMCl9adYxrpDKQjNiP47MhWVEPmqC8IH9MIk4wXzUAfDK3E
stDiynKED5P1UoMo8xU3PfgKEZiCooL4P0ikOqwoPGJBtArL54auzn55lnXtyiID
Ghw0GCFZ9ZksaUzkxOUw7VvHaOyOfOwW6ItI2pPMiIFn78ZV2f+f/8RdABp9ZrEb
4ntrNeop+YP9LJqwD+Zz++BghkXY2J6mSi4KGeKkEWV+EK5Ae5y1JjF6BbJ/RV+V
ydxa4o5pHOBO1eCOoKdknwzXBWuo0/cJIHs2FBvzrIwCuFyFcP2cRktp+iv3OyKq
aGbqX2Pi4S4=
=w3Ie
-----END PGP SIGNATURE-----