Synopsis: Critical: firefox security update Advisory ID: SLSA-2018:3831-1 Issue Date: 2018-12-17 CVE Numbers: CVE-2018-17466 CVE-2018-12405 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 -- This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) -- SL6 x86_64 firefox-60.4.0-1.el6.x86_64.rpm firefox-debuginfo-60.4.0-1.el6.x86_64.rpm firefox-60.4.0-1.el6.i686.rpm firefox-debuginfo-60.4.0-1.el6.i686.rpm i386 firefox-60.4.0-1.el6.i686.rpm firefox-debuginfo-60.4.0-1.el6.i686.rpm - Scientific Linux Development Team