SciLinux: SLSA-2018-1415-1 Critical: firefox on SL7.x x86_64
Summary
Critical: firefox security update
Security Fixes
* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
(CVE-2018-5150)
* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)
* Mozilla: Use-after-free with SVG animations and clip paths
(CVE-2018-5154)
* Mozilla: Use-after-free with SVG animations and text paths
(CVE-2018-5155)
* Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
(CVE-2018-5157)
* Mozilla: Malicious PDF can inject JavaScript into PDF Viewer
(CVE-2018-5158)
* Mozilla: Integer overflow and out-of-bounds write in Skia
(CVE-2018-5159)
* Mozilla: Lightweight themes can be installed without user interaction
(CVE-2018-5168)
* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension (CVE-2018-5178)
SL7
x86_64
firefox-52.8.0-1.el7_5.x86_64.rpm
firefox-debuginfo-52.8.0-1.el7_5.x86_64.rpm
firefox-52.8.0-1.el7_5.i686.rpm
firefox-debuginfo-52.8.0-1.el7_5.i686.rpm
- Scientific Linux Development Team