Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:1414-1
Issue Date: 2018-05-15
CVE Numbers: CVE-2018-5150
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5168
CVE-2018-5178
CVE-2018-5183
—
This update upgrades Firefox to version 52.8.0 ESR.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
(CVE-2018-5150)
* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)
* Mozilla: Use-after-free with SVG animations and clip paths
(CVE-2018-5154)
* Mozilla: Use-after-free with SVG animations and text paths
(CVE-2018-5155)
* Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
(CVE-2018-5157)
* Mozilla: Malicious PDF can inject JavaScript into PDF Viewer
(CVE-2018-5158)
* Mozilla: Integer overflow and out-of-bounds write in Skia
(CVE-2018-5159)
* Mozilla: Lightweight themes can be installed without user interaction
(CVE-2018-5168)
* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension (CVE-2018-5178)
—
SL6
x86_64
firefox-52.8.0-1.el6_9.x86_64.rpm
firefox-debuginfo-52.8.0-1.el6_9.x86_64.rpm
firefox-52.8.0-1.el6_9.i686.rpm
firefox-debuginfo-52.8.0-1.el6_9.i686.rpm
i386
firefox-52.8.0-1.el6_9.i686.rpm
firefox-debuginfo-52.8.0-1.el6_9.i686.rpm
– Scientific Linux Development Team
