Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:3006-1 Issue Date: 2018-10-25 CVE Numbers: CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 -- This update upgrades Firefox to version 60.3.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390) * Mozilla: Crash with nested event loops (CVE-2018-12392) * Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393) * Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395) * Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396) * Mozilla: WebExtension local file permission check bypass (CVE-2018-12397) * Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389) -- SL6 x86_64 firefox-60.3.0-1.el6.x86_64.rpm firefox-debuginfo-60.3.0-1.el6.x86_64.rpm firefox-60.3.0-1.el6.i686.rpm firefox-debuginfo-60.3.0-1.el6.i686.rpm i386 firefox-60.3.0-1.el6.i686.rpm firefox-debuginfo-60.3.0-1.el6.i686.rpm - Scientific Linux Development Team