firefox (SL7)

By Scientific Linux Team on December 17, 2018

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:3833-1
Issue Date: 2018-12-17
CVE Numbers: CVE-2018-17466
CVE-2018-12405
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
(CVE-2018-12405)

* Mozilla: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia
(CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images
(CVE-2018-18498)

SL7
x86_64
firefox-60.4.0-1.el7.x86_64.rpm
firefox-debuginfo-60.4.0-1.el7.x86_64.rpm
firefox-60.4.0-1.el7.i686.rpm
firefox-debuginfo-60.4.0-1.el7.i686.rpm

– Scientific Linux Development Team