Security update for Mozilla Firefox (important)

2018-05-11T00:14:24
ID OPENSUSE-SU-2018:1212-1
Type suse
Reporter Suse
Modified 2018-05-11T00:14:24

Description

This update for Mozilla Firefox to 52.8.0 ESR fixes the following issues:

Security issssue fixed: (bsc#1092548, MFSA 2018-12):

  • CVE-2018-5183: Backport critical security fixes in Skia
  • CVE-2018-5154: Use-after-free with SVG animations and clip paths
  • CVE-2018-5155: Use-after-free with SVG animations and text paths
  • CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
  • CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
  • CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
  • CVE-2018-5168: Lightweight themes can be installed without user interaction
  • CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  • CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

The following non-security changes are included:

  • Various stability and regression fixes
  • Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data