Overview

File _patchinfo of Package patchinfo.9027

<patchinfo incident="9027">
  <packager>AndreasStieger</packager>
  <issue tracker="bnc" id="1112852"></issue>
  <issue tracker="cve" id="2018-12392"></issue>
  <issue tracker="cve" id="2018-12393"></issue>
  <issue tracker="cve" id="2018-12395"></issue>
  <issue tracker="cve" id="2018-12396"></issue>
  <issue tracker="cve" id="2018-12397"></issue>
  <issue tracker="cve" id="2018-12389"></issue>
  <issue tracker="cve" id="2018-12390"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for Mozilla Firefox</summary>
  <description>This update for Mozilla Firefox to version 60.3.0esr fixes security issues and stability bugs.

The following security issues were fixed (MFSA 2018-27, boo#1112852):

- CVE-2018-12392: Crash with nested event loops
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
- CVE-2018-12397: WebExtension local file access vulnerability
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places