Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:1414-1 Issue Date: 2018-05-15 CVE Numbers: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 -- This update upgrades Firefox to version 52.8.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150) * Mozilla: Backport critical security fixes in Skia (CVE-2018-5183) * Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154) * Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155) * Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157) * Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158) * Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159) * Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168) * Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178) -- SL6 x86_64 firefox-52.8.0-1.el6_9.x86_64.rpm firefox-debuginfo-52.8.0-1.el6_9.x86_64.rpm firefox-52.8.0-1.el6_9.i686.rpm firefox-debuginfo-52.8.0-1.el6_9.i686.rpm i386 firefox-52.8.0-1.el6_9.i686.rpm firefox-debuginfo-52.8.0-1.el6_9.i686.rpm - Scientific Linux Development Team