SUSE: 2018:2298-1 important: MozillaFirefox
Summary
This update for MozillaFirefox to the 52.9 ESR release fixes the following issues: These security issues were fixed: - Firefox ESR 52.9: - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 (bsc#1098998). - CVE-2018-12368 No warning when opening executable SettingContent-ms files (bsc#1098998). - CVE-2018-12366 Invalid data handling during QCMS transformations (bsc#1098998). - CVE-2018-12365 Compromised IPC child process can list local filenames (bsc#1098998). - CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12363 Use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12362 Integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-12360 Use-after-free when using focus() (bsc#1098998). - CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12359 Buffer overflow using computed size of canvas element (bsc#1098998). - Firefox ESR 52.8: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). - CVE-2018-5183: Backport critical security fixes in Skia (bsc#1092548). - CVE-2018-5154: Use-after-free with SVG animations and clip paths (bsc#1092548). - CVE-2018-5155: Use-after-free with SVG animations and text paths (bsc#1092548). - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files (bsc#1092548). - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer (bsc#1092548). - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia (bsc#1092548). - CVE-2018-5168: Lightweight themes can be installed without user interaction (bsc#1092548). - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (bsc#1092548). - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (bsc#1092548). These non-security issues were fixed: - Various stability and regression fixes - Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-1536=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): MozillaFirefox-52.9.0esr-3.7.12 MozillaFirefox-debuginfo-52.9.0esr-3.7.12 MozillaFirefox-debugsource-52.9.0esr-3.7.12 MozillaFirefox-translations-common-52.9.0esr-3.7.12 MozillaFirefox-translations-other-52.9.0esr-3.7.12 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64): MozillaFirefox-devel-52.9.0esr-3.7.12
References
#1092548 #1096449 #1098998
Cross- CVE-2018-12359 CVE-2018-12360 CVE-2018-12362
CVE-2018-12363 CVE-2018-12364 CVE-2018-12365
CVE-2018-12366 CVE-2018-12368 CVE-2018-5150
CVE-2018-5154 CVE-2018-5155 CVE-2018-5156
CVE-2018-5157 CVE-2018-5158 CVE-2018-5159
CVE-2018-5168 CVE-2018-5178 CVE-2018-5183
CVE-2018-5188 CVE-2018-6126
Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15
https://www.suse.com/security/cve/CVE-2018-12359.html
https://www.suse.com/security/cve/CVE-2018-12360.html
https://www.suse.com/security/cve/CVE-2018-12362.html
https://www.suse.com/security/cve/CVE-2018-12363.html
https://www.suse.com/security/cve/CVE-2018-12364.html
https://www.suse.com/security/cve/CVE-2018-12365.html
https://www.suse.com/security/cve/CVE-2018-12366.html
https://www.suse.com/security/cve/CVE-2018-12368.html
https://www.suse.com/security/cve/CVE-2018-5150.html
https://www.suse.com/security/cve/CVE-2018-5154.html
https://www.suse.com/security/cve/CVE-2018-5155.html
https://www.suse.com/security/cve/CVE-2018-5156.html
https://www.suse.com/security/cve/CVE-2018-5157.html
https://www.suse.com/security/cve/CVE-2018-5158.html
https://www.suse.com/security/cve/CVE-2018-5159.html
https://www.suse.com/security/cve/CVE-2018-5168.html
https://www.suse.com/security/cve/CVE-2018-5178.html
https://www.suse.com/security/cve/CVE-2018-5183.html
https://www.suse.com/security/cve/CVE-2018-5188.html
https://www.suse.com/security/cve/CVE-2018-6126.html
https://bugzilla.suse.com/1092548
https://bugzilla.suse.com/1096449
https://bugzilla.suse.com/1098998