Overview

File _patchinfo of Package patchinfo.8259

<patchinfo incident="8259">
  <issue tracker="bnc" id="1093059">[Build 20180508] openQA test fails in firefox - firefox "dumped core"</issue>
  <issue tracker="bnc" id="1096449">VUL-0: CVE-2018-6126: MozillaFirefox 52.81/60.0.2 security release</issue>
  <issue tracker="bnc" id="1096515">Mozilla NSS 3.36.4 required for Firefox 60.0.2</issue>
  <issue tracker="bnc" id="1094747">Open with option in download dialog has no effect with kmozillahelper</issue>
  <issue tracker="cve" id="2018-6126"/>
  <category>security</category>
  <rating>important</rating>
  <packager>AndreasStieger</packager>
  <description>This update for MozillaFirefox, mozilla-nss fixes the following issues:

Security issue fixed in Mozilla Firefox 60.0.2 ESR:

- CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia (MFSA 2018-14, boo#1096449)

The following bugs were fixed:

- In KDE Open with option in download dialog has no effect with kmozillahelper (boo#1094747)
- Startup crashes on aarch64 (boo#1093059)

Mozilla Firefox now requires NSS 3.36.4 (boo#1096515). The following changes are included in NSS:

- Fix issues connecting to servers recently upgraded to TLS 1.3 (SSL_RX_MALFORMED_SERVER_HELLO error)
- Fix a rare bug with PKCS#12 files
- Apply additional harding (relro linker option)
</description>
  <summary>Security update for MozillaFirefox, mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places