Synopsis:          Critical: firefox security update

Advisory ID:       SLSA-2018:2881-1

Issue Date:        2018-10-08

CVE Numbers:       CVE-2018-12386

                   CVE-2018-12387

--



This update upgrades Firefox to version 60.2.2 ESR.



Security Fix(es):



* Mozilla: type confusion in JavaScript (CVE-2018-12386)



* Mozilla: stack out-of-bounds read in Array.prototype.push

(CVE-2018-12387)

--



SL6

  x86_64

    firefox-60.2.2-1.el6.x86_64.rpm

    firefox-debuginfo-60.2.2-1.el6.x86_64.rpm

    firefox-60.2.2-1.el6.i686.rpm

    firefox-debuginfo-60.2.2-1.el6.i686.rpm

  i386

    firefox-60.2.2-1.el6.i686.rpm

    firefox-debuginfo-60.2.2-1.el6.i686.rpm



- Scientific Linux Development Team