SUSE-SU-2018:2890-1

Описание

This update for MozillaFirefox to ESR 60.2 fixes several issues.

These general changes are part of the version 60 release.

• New browser engine with speed improvements
• Redesigned graphical user interface elements
• Unified address and search bar for new installations
• New tab page listing top visited, recently visited and recommended pages
• Support for configuration policies in enterprise deployments via JSON files
• Support for Web Authentication, allowing the use of USB tokens for authentication to web sites

The following changes affect compatibility:

• Now exclusively supports extensions built using the WebExtension API.
• Unsupported legacy extensions will no longer work in Firefox 60 ESR
• TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates

The following issues affect performance:

• new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems.

These security issues were fixed:

• CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343).
• CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343).
• CVE-2018-12376: Various memory safety bugs (bsc#1107343).
• CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343).
• CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343).
• CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343).