Scientific Linux alert SLSA-2018:3831-1 (firefox)
From: Scott Reid <svreid@fnal.gov>
To: <scientific-linux-errata@listserv.fnal.gov>
Subject: Security ERRATA Critical: firefox on SL6.x i386/x86_64
Date: Tue, 18 Dec 2018 16:50:55 +0000
Message-ID: <20181218165055.6128.86850@slpackages.fnal.gov>

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2018:3831-1
Issue Date: 2018-12-17
CVE Numbers: CVE-2018-17466
             CVE-2018-12405
             CVE-2018-18492
             CVE-2018-18493
             CVE-2018-18494
             CVE-2018-18498
--

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

* Mozilla: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)
--

SL6
  x86_64
    firefox-60.4.0-1.el6.x86_64.rpm
    firefox-debuginfo-60.4.0-1.el6.x86_64.rpm
    firefox-60.4.0-1.el6.i686.rpm
    firefox-debuginfo-60.4.0-1.el6.i686.rpm
  i386
    firefox-60.4.0-1.el6.i686.rpm
    firefox-debuginfo-60.4.0-1.el6.i686.rpm

- Scientific Linux Development Team
