Advisories » MGASA-2018-0097

Updated firefox packages fix security vulnerabilities

Publication date: 25 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5089 , CVE-2018-5091 , CVE-2018-5095 , CVE-2018-5096 , CVE-2018-5097 , CVE-2018-5098 , CVE-2018-5099 , CVE-2018-5102 , CVE-2018-5103 , CVE-2018-5104 , CVE-2018-5117

Description

Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,
CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,
CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117).

To mitigate timing-based side-channel attacks similar to "Spectre" and
"Meltdown", the resolution of performance.now() has been reduced from
5μs to 20μs.
                

References

SRPMS

6/core