Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2018:4236-1 Critical: MozillaFirefox Important Security Update

suse
Calendar Grey December 22, 2018
Dist Suse Esm H88
SUSE Security Advisory: Critical update for MozillaFirefox, mozilla-nspr, mozilla-nss resolving various security vulnerabilities.
An update that fixes 9 vulnerabilities is now available

Summary

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105)

References

#1097410 #1106873 #1119069 #1119105

Cross- CVE-2018-0495 CVE-2018-12384 CVE-2018-12404

CVE-2018-12405 CVE-2018-17466 CVE-2018-18492

CVE-2018-18493 CVE-2018-18494 CVE-2018-18498

Affected Products:

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Desktop 12-SP4

SUSE Linux Enterprise Desktop 12-SP3

SUSE En...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:4236-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here