[SUSE-SU-2018:4236-2] Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Severity: Important
CVEs: 9
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:
- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
- ID: SUSE-SU-2018:4236-2
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2018/suse-su-20184236-2/
- Published: 2019-04-15T15:37:00 (5 years ago)
- Modified: 2019-04-15T15:37:00 (5 years ago)
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2018-1095
- ALAS-2018-1102
- ALAS-2020-1355
- ALAS2-2018-1095
- ALAS2-2018-1102
- ALAS2-2019-1168
- ALAS2-2019-1305
- ALPINE:CVE-2018-0495
- ALPINE:CVE-2018-12384
- ALPINE:CVE-2018-12404
- ASA-201806-10
- ASA-201810-12
- ASA-201812-9
- DSA-4231-1
- DSA-4330-1
- DSA-4354-1
- DSA-4362-1
- ELSA-2018-2768
- ELSA-2018-2898
- ELSA-2018-3221
- ELSA-2018-3831
- ELSA-2018-3833
- ELSA-2019-0159
- ELSA-2019-0160
- ELSA-2019-2237
- FEDORA-2018-1a7a5c54c2
- FEDORA-2018-1ea5beb4cf
- FEDORA-2018-2575edf8d3
- FEDORA-2018-34f7f68029
- FEDORA-2018-4a21a8ca59
- FEDORA-2018-6788454ab6
- FEDORA-2018-98ab6b4e56
- FEDORA-2018-a78b2ef820
- FEDORA-2018-c72d2d89ec
- FEDORA-2018-eaa7de17ae
- FEDORA-2018-fd194a1f14
- FEDORA-2019-a8ffcff7ee
- FREEBSD:9B5162DE-6F39-11E8-818E-E8E0B747A45A
- FREEBSD:D10B49B2-8D02-49E8-AFDE-0844626317AF
- GLSA-201811-10
- GLSA-201903-04
- MFSA-2018-29
- MFSA-2018-30
- MFSA-2018-31
- openSUSE-SU-2018:3835-1
- openSUSE-SU-2019:0183-1
- openSUSE-SU-2019:0249-1
- openSUSE-SU-2019:0251-1
- openSUSE-SU-2019:1758-1
- RHSA-2018:2768
- RHSA-2018:2898
- RHSA-2018:3004
- RHSA-2018:3221
- RHSA-2018:3831
- RHSA-2018:3833
- RHSA-2019:0159
- RHSA-2019:0160
- RHSA-2019:2237
- SSA:2018-164-01
- SSA:2018-337-01
- SSA:2018-345-01
- SUSE-SU-2018:1993-1
- SUSE-SU-2018:2089-1
- SUSE-SU-2018:2452-2
- SUSE-SU-2018:4235-1
- SUSE-SU-2018:4236-1
- SUSE-SU-2019:0273-1
- SUSE-SU-2019:0338-1
- USN-3689-1
- USN-3689-2
- USN-3692-1
- USN-3692-2
- USN-3844-1
- USN-3850-1
- USN-3850-2
- USN-3868-1