Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:0122-1 Issue Date: 2018-01-24 CVE Numbers: CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 -- This update upgrades Firefox to version 52.6.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) * To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5s to 20s. -- SL6 x86_64 firefox-52.6.0-1.el6_9.x86_64.rpm firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm firefox-52.6.0-1.el6_9.i686.rpm firefox-debuginfo-52.6.0-1.el6_9.i686.rpm i386 firefox-52.6.0-1.el6_9.i686.rpm firefox-debuginfo-52.6.0-1.el6_9.i686.rpm SL7 x86_64 firefox-52.6.0-1.el7_4.x86_64.rpm firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm firefox-52.6.0-1.el7_4.i686.rpm firefox-debuginfo-52.6.0-1.el7_4.i686.rpm - Scientific Linux Development Team