Advisories ยป MGASA-2018-0305

Updated firefox packages fix security vulnerability

Publication date: 01 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5156 , CVE-2018-5188 , CVE-2018-12359 , CVE-2018-12360 , CVE-2018-12362 , CVE-2018-12363 , CVE-2018-12364 , CVE-2018-12365 , CVE-2018-12366

Description

Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188).

Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359).

Mozilla: Use-after-free using focus() (CVE-2018-12360).

Mozilla: Media recorder segmentation fault when track type is changed
during capture (CVE-2018-5156).

Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362).

Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363).

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364).

Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365).

Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366).
                

References

SRPMS

6/core