
SciLinux: SLSA-2018-2112-1 Critical Firefox Update With Severe Threats

Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2018:2112-1
Issue Date:        2018-06-28
CVE Numbers:       CVE-2018-6126
                   CVE-2017-7762
                   CVE-2018-12359
                   CVE-2018-12360
                   CVE-2018-12362
                   CVE-2018-12363
                   CVE-2018-12364
                   CVE-2018-12365
                   CVE-2018-12366
                   CVE-2018-5156
                   CVE-2018-5188
--

This update upgrades Firefox to version 60.1.0 ESR.

Many older Firefox extensions must be updated to work with this new release.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
Firefox ESR 52.9 (CVE-2018-5188)

* Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359)

* Mozilla: Use-after-free using focus() (CVE-2018-12360)

* Mozilla: Media recorder segmentation fault when track type is changed
during capture (CVE-2018-5156)

* Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126)

* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364)

* Mozilla: address bar username and password spoofing in reader mode
(CVE-2017-7762)

* Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365)

* Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366)
--

SL6
  x86_64
    firefox-60.1.0-5.el6.x86_64.rpm
    firefox-debuginfo-60.1.0-5.el6.x86_64.rpm
    firefox-60.1.0-5.el6.i686.rpm
    firefox-debuginfo-60.1.0-5.el6.i686.rpm
  i386
    firefox-60.1.0-5.el6.i686.rpm
    firefox-debuginfo-60.1.0-5.el6.i686.rpm

- Scientific Linux Development Team