Synopsis: Critical: firefox security update Advisory ID: SLSA-2019:0622-1 Issue Date: 2019-03-20 CVE Numbers: CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9795 CVE-2019-9796 -- This update upgrades Firefox to version 60.6.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792) * Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793) * Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795) * Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796) * Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506) -- SL7 x86_64 firefox-60.6.0-3.el7_6.x86_64.rpm firefox-debuginfo-60.6.0-3.el7_6.x86_64.rpm firefox-60.6.0-3.el7_6.i686.rpm firefox-debuginfo-60.6.0-3.el7_6.i686.rpm - Scientific Linux Development Team