Updated firefox packages fix security vulnerabilities
Publication date: 25 Jan 2018Modification date: 25 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2018-5089 , CVE-2018-5091 , CVE-2018-5095 , CVE-2018-5096 , CVE-2018-5097 , CVE-2018-5098 , CVE-2018-5099 , CVE-2018-5102 , CVE-2018-5103 , CVE-2018-5104 , CVE-2018-5117
Description
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117). To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5μs to 20μs.
References
- https://bugs.mageia.org/show_bug.cgi?id=22434
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2018:0122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117
SRPMS
5/core
- nspr-4.18-1.mga5
- rootcerts-20180104.00-1.mga5
- nss-3.28.6-1.3.mga5
- firefox-52.6.0-1.mga5
- firefox-l10n-52.6.0-1.mga5