Overview

File _patchinfo of Package patchinfo.9102

<patchinfo incident="9102">
  <issue tracker="bnc" id="1107343">VUL-0: MozillaFirefox: 62 / 60.2 ESR releases</issue>
  <issue tracker="bnc" id="1094767">Firefox error message "Gah. Your tab just crashed. We can help!  Choose Restore This Tab to reload the page." when opening certain webpages</issue>
  <issue tracker="bnc" id="1109465">Latest Firefox update not released for s390x</issue>
  <issue tracker="bnc" id="1109363">VUL-0: CVE-2018-12385: MozillaFirefox: Crash in TransportSecurityInfo due to cached data</issue>
  <issue tracker="bnc" id="1110507">VUL-0: CVE-2018-12387: MozillaFirefox: Array.prototype.push stack pointer vulnerability</issue>
  <issue tracker="bnc" id="1110506">VUL-0: CVE-2018-12386: MozillaFirefox: Type confusion in JavaScript</issue>
  <issue tracker="cve" id="2018-12383"/>
  <issue tracker="cve" id="2018-12385"/>
  <issue tracker="cve" id="2018-12386"/>
  <issue tracker="cve" id="2018-12387"/>
  <category>security</category>
  <rating>important</rating>
  <packager>sreeves1</packager>
  <description>
  
This update for MozillaFirefox to 60.2.2ESR fixes the following issues:

Security issues fixed:

MFSA 2018-24:

- CVE-2018-12386: A Type confusion in JavaScript allowed remote code execution (bsc#1110506)
- CVE-2018-12387: Array.prototype.push stack pointer vulnerability may have enabled exploits in the sandboxed content process (bsc#1110507)

MFSA 2018-23:

- CVE-2018-12385: Fixed a crash in TransportSecurityInfo due to cached data (bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)
 
Non security issues fixed:

- Avoid undefined behavior in IPC fd-passing code (bsc#1094767)
- Fixed a startup crash affecting users migrating from older ESR releases
- Clean up old NSS DB files after upgrading
- Fixed an endianness problem in bindgen's handling of
  bitfields, which was causing Firefox to crash on startup on big-endian
  machines.  Also, updates the cc crate, which was buggy in the version
  that was originally vendored in. (bsc#1109465)
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places