We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

When will CVE-2019-11754 will be patched on ESR 68 ?

  • 3 பதிலளிப்புகள்
  • 1 இந்த பிரச்சனை உள்ளது
  • 17 views
  • Last reply by philipp

Dear All From what I see this Vulnerability , is only patched in 69.0.1 https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/ But there have been later ESR 68.2.0 patched released that does not have this mitigated . Will 68 channel ever will get this patched , or will we need to wait for ESR 69 ? When is that supposed to be released ?

Dear All From what I see this Vulnerability , is only patched in 69.0.1 https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/ But there have been later ESR 68.2.0 patched released that does not have this mitigated . Will 68 channel ever will get this patched , or will we need to wait for ESR 69 ? When is that supposed to be released ?

தீர்வு தேர்ந்தெடுக்கப்பட்டது

the bug referenced in https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/ hasn't been made public yet unfortunately, so you won't be able to confirm this by yourself yet :-/

the underlying cause was just introduced in Firefox 69 though, so 69.0 is the only version affected by this vulnerability.

Read this answer in context 👍 1

All Replies (3)

hello, firefox 68esr is not affected by CVE-2019-11754.

Thanks

From this source where many security tools gather their information for baseline scans (e.g. Qualys and such) it says that this is affected FF under 69.0.1 and does not mention ESR the same as CVE-2019-11753 for example: https://www.cvedetails.com/vulnerability-list/vendor_id-452/product_id-3264/Mozilla-Firefox.html

is there any place on line that confirm that this vuln does not affect ESR 68 ?

தீர்வு தேர்ந்தெடுக்கப்பட்டது

the bug referenced in https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/ hasn't been made public yet unfortunately, so you won't be able to confirm this by yourself yet :-/

the underlying cause was just introduced in Firefox 69 though, so 69.0 is the only version affected by this vulnerability.