openSUSE: 2018:0203-1: important: MozillaFirefox
Description
This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01 * Speculative execution side-channel attack ("Spectre") MFSA 2018-03 * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - Added additional patches and configurations to fix builds on s390 and PowerPC. * Added firefox-glibc-getrandom.patch effecting builds on s390 and PowerPC * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian ICU data file for running Firefox on bigendian architectures (bmo#1322212 and bmo#1264836) * Added mozilla-s390-nojit.patch to enable atomic operations used by the JS engine when JIT is disabled on s390 * Build configuration options specific to s390 * Requires NSS >= 3.29.5
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-85=1 - openSUSE Leap 42.2: zypper in -t patch openSUSE-2018-85=1 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.3 (x86_64): MozillaFirefox-52.6-75.1 MozillaFirefox-branding-upstream-52.6-75.1 MozillaFirefox-buildsymbols-52.6-75.1 MozillaFirefox-debuginfo-52.6-75.1 MozillaFirefox-debugsource-52.6-75.1 MozillaFirefox-devel-52.6-75.1 MozillaFirefox-translations-common-52.6-75.1 MozillaFirefox-translations-other-52.6-75.1 - openSUSE Leap 42.2 (x86_64): MozillaFirefox-52.6-57.30.1 MozillaFirefox-branding-upstream-52.6-57.30.1 MozillaFirefox-buildsymbols-52.6-57.30.1 MozillaFirefox-debuginfo-52.6-57.30.1 MozillaFirefox-debugsource-52.6-57.30.1 MozillaFirefox-devel-52.6-57.30.1 MozillaFirefox-translations-common-52.6-57.30.1 MozillaFirefox-translations-other-52.6-57.30.1
References
https://www.suse.com/security/cve/CVE-2018-5089.html https://www.suse.com/security/cve/CVE-2018-5091.html https://www.suse.com/security/cve/CVE-2018-5095.html https://www.suse.com/security/cve/CVE-2018-5096.html https://www.suse.com/security/cve/CVE-2018-5097.html https://www.suse.com/security/cve/CVE-2018-5098.html https://www.suse.com/security/cve/CVE-2018-5099.html https://www.suse.com/security/cve/CVE-2018-5102.html https://www.suse.com/security/cve/CVE-2018-5103.html https://www.suse.com/security/cve/CVE-2018-5104.html https://www.suse.com/security/cve/CVE-2018-5117.html https://bugzilla.suse.com/1077291--