openSUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1212-1 Rating: important References: #1092548 Cross-References: CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for Mozilla Firefox to 52.8.0 ESR fixes the following issues: Security issssue fixed: (bsc#1092548, MFSA 2018-12): - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG animations and text paths - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - CVE-2018-5168: Lightweight themes can be installed without user interaction - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 The following non-security changes are included: - Various stability and regression fixes - Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-452=1 Package List: - openSUSE Leap 42.3 (x86_64): MozillaFirefox-52.8.0-89.1 MozillaFirefox-branding-upstream-52.8.0-89.1 MozillaFirefox-buildsymbols-52.8.0-89.1 MozillaFirefox-debuginfo-52.8.0-89.1 MozillaFirefox-debugsource-52.8.0-89.1 MozillaFirefox-devel-52.8.0-89.1 MozillaFirefox-translations-common-52.8.0-89.1 MozillaFirefox-translations-other-52.8.0-89.1 References: https://www.suse.com/security/cve/CVE-2018-5150.html https://www.suse.com/security/cve/CVE-2018-5154.html https://www.suse.com/security/cve/CVE-2018-5155.html https://www.suse.com/security/cve/CVE-2018-5157.html https://www.suse.com/security/cve/CVE-2018-5158.html https://www.suse.com/security/cve/CVE-2018-5159.html https://www.suse.com/security/cve/CVE-2018-5168.html https://www.suse.com/security/cve/CVE-2018-5178.html https://www.suse.com/security/cve/CVE-2018-5183.html https://bugzilla.suse.com/1092548