SUSE-SU-2018:3476-1: important: Security update for MozillaFirefox

sle-security-updates at sle-security-updates at
Thu Oct 25 16:16:32 MDT 2018

   SUSE Security Update: Security update for MozillaFirefox

Announcement ID:    SUSE-SU-2018:3476-1
Rating:             important
References:         #1094767 #1107343 #1109363 #1109465 #1110506 
Cross-References:   CVE-2018-12383 CVE-2018-12385 CVE-2018-12386
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15

   An update that solves four vulnerabilities and has two
   fixes is now available.


   This update for MozillaFirefox to 60.2.2ESR fixes the following issues:

   Security issues fixed:

   MFSA 2018-24:

   - CVE-2018-12386: A type confusion in JavaScript allowed remote code
     execution (bsc#1110506)
   - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may
     have enabled exploits in the sandboxed content process (bsc#1110507)

   MFSA 2018-23:

   - CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached
     data (bsc#1109363)
   - CVE-2018-12383: Setting a master password did not delete unencrypted
     previously stored passwords (bsc#1107343)

   Non-security issues fixed:

   - Avoid undefined behavior in IPC fd-passing code (bsc#1094767)
   - Fixed a startup crash affecting users migrating from older ESR releases
   - Clean up old NSS DB files after upgrading
   - Fixed an endianness problem in bindgen's handling of bitfields, which
     was causing Firefox to crash on startup on big-endian machines. Also
     updated the cc crate, which was buggy in the version that was originally
     vendored in. (bsc#1109465)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2018-2482=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le x86_64):


