Updated firefox packages fix security vulnerabilities
Publication date: 03 Feb 2019Modification date: 03 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18500 , CVE-2018-18501 , CVE-2018-18505
Description
Use-after-free parsing HTML5 stream (CVE-2018-18500). Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501). Privilege escalation through IPC channel messages (CVE-2018-18505).
References
- https://bugs.mageia.org/show_bug.cgi?id=24258
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes
- https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2019:0219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505
SRPMS
6/core
- nss-3.36.7-1.mga6
- firefox-60.5.0-1.mga6
- firefox-l10n-60.5.0-1.mga6