Updated firefox packages fix security vulnerability
Publication date: 01 Jul 2018Modification date: 01 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5156 , CVE-2018-5188 , CVE-2018-12359 , CVE-2018-12360 , CVE-2018-12362 , CVE-2018-12363 , CVE-2018-12364 , CVE-2018-12365 , CVE-2018-12366
Description
Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188).
Mozilla: Buffer overflow using computed size of canvas element
(CVE-2018-12359).
Mozilla: Use-after-free using focus() (CVE-2018-12360).
Mozilla: Media recorder segmentation fault when track type is changed
during capture (CVE-2018-5156).
Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362).
Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363).
Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
(CVE-2018-12364).
Mozilla: Compromised IPC child process can list local filenames
(CVE-2018-12365).
Mozilla: Invalid data handling during QCMS transformations
(CVE-2018-12366).
References
- https://bugs.mageia.org/show_bug.cgi?id=23233
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
- https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2018:2113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12359
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12362
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12363
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12364
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12365
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12366
SRPMS
6/core
- firefox-52.9.0-1.mga6
- firefox-l10n-52.9.0-1.mga6