{
  "schema_version": "1.6.2",
  "id": "MGASA-2018-0248",
  "published": "2018-05-17T10:54:59Z",
  "modified": "2018-05-17T10:38:01Z",
  "summary": "Updated firefox packages fix security vulnerabilities",
  "details": "Updated firefox packages fix security vulnerabilities:\n\nMozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150).\n\nMozilla: Backport critical security fixes in Skia (CVE-2018-5183).\n\nMozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).\n\nMozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).\n\nMozilla: Same-origin bypass of PDF Viewer to view protected PDF files\n(CVE-2018-5157).\n\nMozilla: Malicious PDF can inject JavaScript into PDF Viewer\n(CVE-2018-5158).\n\nMozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).\n\nMozilla: Lightweight themes can be installed without user interaction\n(CVE-2018-5168).\n\nMozilla: Buffer overflow during UTF-8 to Unicode string conversion through\nlegacy extension (CVE-2018-5178).\n\nRootcerts has been updated to 20180411.\n",
  "related": [
    "CVE-2018-5150",
    "CVE-2018-5153",
    "CVE-2018-5154",
    "CVE-2018-5155",
    "CVE-2018-5157",
    "CVE-2018-5158",
    "CVE-2018-5159",
    "CVE-2018-5168",
    "CVE-2018-5178"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2018-0248.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=23031"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/"
    },
    {
      "type": "REPORT",
      "url": "https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/errata/RHSA-2018:1415"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "52.8.0-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "52.8.0-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "nss",
        "purl": "pkg:rpm/mageia/nss?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.28.6-1.4.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:6",
        "name": "rootcerts",
        "purl": "pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20180411.00-1.mga6"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}