Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:0122-1
Issue Date: 2018-01-24
CVE Numbers: CVE-2018-5089
CVE-2018-5091
CVE-2018-5095
CVE-2018-5096
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5117
—
This update upgrades Firefox to version 52.6.0 ESR.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102,
CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)
* To mitigate timing-based side-channel attacks similar to “Spectre” and
“Meltdown”, the resolution of performance.now() has been reduced from 5s
to 20s.
—
SL6
x86_64
firefox-52.6.0-1.el6_9.x86_64.rpm
firefox-debuginfo-52.6.0-1.el6_9.x86_64.rpm
firefox-52.6.0-1.el6_9.i686.rpm
firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
i386
firefox-52.6.0-1.el6_9.i686.rpm
firefox-debuginfo-52.6.0-1.el6_9.i686.rpm
SL7
x86_64
firefox-52.6.0-1.el7_4.x86_64.rpm
firefox-debuginfo-52.6.0-1.el7_4.x86_64.rpm
firefox-52.6.0-1.el7_4.i686.rpm
firefox-debuginfo-52.6.0-1.el7_4.i686.rpm
– Scientific Linux Development Team
