Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:2113-1
Issue Date: 2018-06-28
CVE Numbers: CVE-2018-6126
CVE-2017-7762
CVE-2018-12359
CVE-2018-12360
CVE-2018-12362
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-5156
CVE-2018-5188
—
This update upgrades Firefox to version 60.1.0 ESR.
Many older Firefox extensions must be updated to work with this new release.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
Firefox ESR 52.9 (CVE-2018-5188)
* Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359)
* Mozilla: Use-after-free using focus() (CVE-2018-12360)
* Mozilla: Media recorder segmentation fault when track type is changed
during capture (CVE-2018-5156)
* Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126)
* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)
* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)
* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364)
* Mozilla: address bar username and password spoofing in reader mode
(CVE-2017-7762)
* Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365)
* Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366)
—
SL7
x86_64
firefox-60.1.0-4.el7_5.x86_64.rpm
firefox-debuginfo-60.1.0-4.el7_5.x86_64.rpm
firefox-60.1.0-4.el7_5.i686.rpm
firefox-debuginfo-60.1.0-4.el7_5.i686.rpm
– Scientific Linux Development Team