Print

Print


Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2018:3831-1
Issue Date:        2018-12-17
CVE Numbers:       CVE-2018-17466
                   CVE-2018-12405
                   CVE-2018-18492
                   CVE-2018-18493
                   CVE-2018-18494
                   CVE-2018-18498
--

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
(CVE-2018-12405)

* Mozilla: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia
(CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images
(CVE-2018-18498)
--

SL6
  x86_64
    firefox-60.4.0-1.el6.x86_64.rpm
    firefox-debuginfo-60.4.0-1.el6.x86_64.rpm
    firefox-60.4.0-1.el6.i686.rpm
    firefox-debuginfo-60.4.0-1.el6.i686.rpm
  i386
    firefox-60.4.0-1.el6.i686.rpm
    firefox-debuginfo-60.4.0-1.el6.i686.rpm

- Scientific Linux Development Team