Scientific Linux Security Update : firefox on SL7.x x86_64 (20180515)

High Nessus Plugin ID 109852

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

This update upgrades Firefox to version 52.8.0 ESR.

Security Fix(es) :

- Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

- Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

- Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

- Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

- Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157)

- Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158)

- Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

- Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

- Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

Solution

Update the affected firefox and / or firefox-debuginfo packages.

Scientific Linux Security Update : firefox on SL7.x x86_64 (20180515)

High Nessus Plugin ID 109852

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information