File _patchinfo of Package patchinfo.6892

<patchinfo incident="6892">
  <issue id="1085130" tracker="bnc">VUL-0: MozillaFirefox: MFSA-2018-06 and MFSA-2018-07</issue>
  <issue id="1085671" tracker="bnc">VUL-0: CVE-2018-5146, CVE-2018-5147: MozillaFirefox: Out of bounds memory write while processing Vorbis audio data (MFSA-2018-08)</issue>
  <issue id="1087059" tracker="bnc">VUL-1: CVE-2018-5148: MozillaFirefox: Use-after-free in compositor potentially allows code execution</issue>
  <issue id="2018-5125" tracker="cve" />
  <issue id="2018-5127" tracker="cve" />
  <issue id="2018-5129" tracker="cve" />
  <issue id="2018-5130" tracker="cve" />
  <issue id="2018-5131" tracker="cve" />
  <issue id="2018-5144" tracker="cve" />
  <issue id="2018-5145" tracker="cve" />
  <issue id="2018-5146" tracker="cve" />
  <issue id="2018-5147" tracker="cve" />
  <issue id="2018-5148" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pcerny</packager>
  <description>This update for MozillaFirefox fixes the following issues:

Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130):

- CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
- CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
- CVE-2018-5129: Out-of-bounds write with malformed IPC messages
- CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
- CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
- CVE-2018-5144: Integer overflow during Unicode conversion
- CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7
- CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671)
- CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671)
- CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059)

</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>