Overview

File _patchinfo of Package patchinfo.7406

<patchinfo incident="7406">
  <issue tracker="bnc" id="1092548">VUL-0: MozillaFirefox,MozillaThunderbird: 52.8 ESR / 60 ESR / 60 security release</issue>
  <issue tracker="cve" id="2018-5158"/>
  <issue tracker="cve" id="2018-5159"/>
  <issue tracker="cve" id="2018-5174"/>
  <issue tracker="cve" id="2018-5154"/>
  <issue tracker="cve" id="2018-5168"/>
  <issue tracker="cve" id="2018-5178"/>
  <issue tracker="cve" id="2018-5150"/>
  <issue tracker="cve" id="2018-5157"/>
  <issue tracker="cve" id="2018-5183"/>
  <issue tracker="cve" id="2018-5155"/>
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>This update for MozillaFirefox to the ESR 52.8 release fixes the following issues:

Mozil to Firefox ESR 52.8 (bsc#1092548)

Security issues fixed:

- MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
- MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
- MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction
- MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths
- MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia
- MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
- MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths
- MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places