firefox security update

2018-03-15T18:59:48
ID CESA-2018:0526
Type centos
Reporter CentOS Project
Modified 2018-03-15T18:59:48

Description

CentOS Errata and Security Advisory CESA-2018:0526

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.7.0 ESR.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)

  • Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)

  • Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)

  • Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07) (CVE-2018-5130)

  • Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07) (CVE-2018-5131)

  • Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

  • Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2018-March/022803.html

Affected packages: firefox

Upstream details at: