openSUSE-SU-2018:2674-1

Published: 08 Sep 2018
Source: suse-cvrf

Description

Security update for MozillaFirefox

This update to Mozilla Firefox 60.2.0esr fixes the following issues:

Security issues fixed (MFSA 2018-21, boo#1107343):

  • CVE-2018-12377: Use-after-free in refresh driver timers
  • CVE-2018-12378: Use-after-free in IndexedDB
  • CVE-2017-16541: Proxy bypass using automount and autofs (boo#1066489)
  • CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

Package list

openSUSE Leap 42.3
MozillaFirefox-60.2.0-109.1
MozillaFirefox-branding-upstream-60.2.0-109.1
MozillaFirefox-buildsymbols-60.2.0-109.1
MozillaFirefox-devel-60.2.0-109.1
MozillaFirefox-translations-common-60.2.0-109.1
MozillaFirefox-translations-other-60.2.0-109.1

Description

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.


Affected products
openSUSE Leap 42.3:MozillaFirefox-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-devel-60.2.0-109.1

Description

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.


Affected products
openSUSE Leap 42.3:MozillaFirefox-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-devel-60.2.0-109.1

Description

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.


Affected products
openSUSE Leap 42.3:MozillaFirefox-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-devel-60.2.0-109.1

Description

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.


Affected products
openSUSE Leap 42.3:MozillaFirefox-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.0-109.1
openSUSE Leap 42.3:MozillaFirefox-devel-60.2.0-109.1
