Synopsis: Critical: firefox security update
Advisory ID:       SLSA-2019:0219-1
Issue Date:        2019-01-30
CVE Numbers:       CVE-2018-18500
                   CVE-2018-18501
                   CVE-2018-18505
--

This update upgrades Firefox to version 60.5.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
(CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages
(CVE-2018-18505)
--

SL7
  x86_64
    firefox-60.5.0-2.el7.x86_64.rpm
    firefox-debuginfo-60.5.0-2.el7.x86_64.rpm
    firefox-60.5.0-2.el7.i686.rpm
    firefox-debuginfo-60.5.0-2.el7.i686.rpm

- Scientific Linux Development Team