SUSE-SU-2018:2298-1 -- SLES MozillaFirefox
ID: oval:org.secpod.oval:def:89049632 | Date: (C)2023-12-20 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for MozillaFirefox to the 52.9 ESR release fixes the following issues:

These security issues were fixed:

- Firefox ESR 52.9:
  - CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
  - CVE-2018-12368 No warning when opening executable SettingContent-ms files
  - CVE-2018-12366 Invalid data handling during QCMS transformations
  - CVE-2018-12365 Compromised IPC child process can list local filenames
  - CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins
  - CVE-2018-12363 Use-after-free when appending DOM nodes
  - CVE-2018-12362 Integer overflow in SSSE3 scaler
  - CVE-2018-12360 Use-after-free when using focus
  - CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture
  - CVE-2018-12359 Buffer overflow using computed size of canvas element
- Firefox ESR 52.8:
  - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia
  - CVE-2018-5183: Backport critical security fixes in Skia
  - CVE-2018-5154: Use-after-free with SVG animations and clip paths
  - CVE-2018-5155: Use-after-free with SVG animations and text paths
  - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
  - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
  - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
  - CVE-2018-5168: Lightweight themes can be installed without user interaction
  - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

These non-security issues were fixed:

- Various stability and regression fixes
- Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data
Platform: SUSE Linux Enterprise Desktop 15 |