Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:2693-1 Issue Date: 2018-09-12 CVE Numbers: CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 -- This update upgrades Firefox to version 60.2.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376) * Mozilla: Use-after-free in driver timers (CVE-2018-12377) * Mozilla: Use-after-free in IndexedDB (CVE-2018-12378) * Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541) * Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379) -- SL6 x86_64 firefox-60.2.0-1.el6.x86_64.rpm firefox-debuginfo-60.2.0-1.el6.x86_64.rpm firefox-60.2.0-1.el6.i686.rpm firefox-debuginfo-60.2.0-1.el6.i686.rpm i386 firefox-60.2.0-1.el6.i686.rpm firefox-debuginfo-60.2.0-1.el6.i686.rpm - Scientific Linux Development Team