openSUSE Security Update : Mozilla Firefox (openSUSE-2019-855)
High Nessus Plugin ID 123356
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for Mozilla Firefox to version 60.3.0esr fixes security issues and stability bugs.
The following security issues were fixed (MFSA 2018-27, boo#1112852) :
- CVE-2018-12392: Crash with nested event loops
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
- CVE-2018-12397: WebExtension local file access vulnerability
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
SolutionUpdate the affected Mozilla Firefox packages.