openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)
High Nessus Plugin ID 123148
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs.
Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105) :
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
The following changes are included :
- now requires NSS >= 3.36.6
- Updated list of currency codes to include Unidad Previsional (UYW)
SolutionUpdate the affected Mozilla Firefox packages.