Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: 2018:2322-2 Important: MozillaFirefox Security Update

suse
Calendar Grey October 18, 2018
Dist Suse Esm H88
SUSE has issued a Security Patch for MozillaFirefox addressing several severe vulnerabilities with essential updates.
An update that fixes 10 vulnerabilities is now available

Summary

This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Patch Instructions:

References

#1098998

Cross- CVE-2018-12359 CVE-2018-12360 CVE-2018-12362

CVE-2018-12363 CVE-2018-12364 CVE-2018-12365

CVE-2018-12366 CVE-2018-12368 CVE-2018-5156

CVE-2018-5188

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

https://www.suse.com/security/cve/CVE-2018-12359.html

https://www.suse.com/security/cve/CVE-2018-12360.html

https://www.suse.com/security/cve/CVE-2018-12362.html

https://www.suse.com/security/cve/CVE-2018-12363.html

https://www.suse.com/security/cve/CVE-2018-12364.html

https://www.suse.com/security/cve/CVE-2018-12365.html

https://www.suse.com/security/cve/CVE-2018-12366.html

https://www.suse.com/security/cve/CVE-2018-12368.html

https://www.suse.com/security/cve/CVE-2018-5156.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:2322-2
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.