What Are You Looking For?

Sign Up
Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2018:0122-1
Issue Date:        2018-01-24
CVE Numbers:       CVE-2018-5089
                   CVE-2018-5091
                   CVE-2018-5095
                   CVE-2018-5096
                   CVE-2018-5097
                   CVE-2018-5098
                   CVE-2018-5099
                   CVE-2018-5102
                   CVE-2018-5103
                   CVE-2018-5104
                   CVE-2018-5117
--

This update upgrades Firefox to version 52.6.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102,
CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)

* To mitigate timing-based side-channel attacks similar to "Spectre" and
"Meltdown", the resolution of performance.now() has been reduced from 5s
to 20s.
--

SL6
  x86_64
    firefox-52.6.0-1.el6_9.x86_64.rpm
    firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm
    firefox-52.6.0-1.el6_9.i686.rpm
    firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
  i386
    firefox-52.6.0-1.el6_9.i686.rpm
    firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
SL7
  x86_64
    firefox-52.6.0-1.el7_4.x86_64.rpm
    firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm
    firefox-52.6.0-1.el7_4.i686.rpm
    firefox-debuginfo-52.6.0-1.el7_4.i686.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2018-0122-1 Critical: firefox on SL6.x, SL7.x i386/x86_64

This update upgrades Firefox to version 52.6.0 ESR

Summary

Critical: firefox security update



Security Fixes

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)
* To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5s to 20s.
SL6 x86_64 firefox-52.6.0-1.el6_9.x86_64.rpm firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm firefox-52.6.0-1.el6_9.i686.rpm firefox-debuginfo-52.6.0-1.el6_9.i686.rpm i386 firefox-52.6.0-1.el6_9.i686.rpm firefox-debuginfo-52.6.0-1.el6_9.i686.rpm SL7 x86_64 firefox-52.6.0-1.el7_4.x86_64.rpm firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm firefox-52.6.0-1.el7_4.i686.rpm firefox-debuginfo-52.6.0-1.el7_4.i686.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2018:0122-1
Issued Date: : 2018-01-24
CVE Numbers: CVE-2018-5089
CVE-2018-5091
CVE-2018-5095

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses

About Us

Powered By

Footer Logo