[SUSE-SU-2018:4236-2] Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Severity
Important
CVEs
9
Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in MozillaFirefox:
- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
- ID
- SUSE-SU-2018:4236-2
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2018/suse-su-20184236-2/
- Published
-
2019-04-15T15:37:00
(5 years ago) - Modified
-
2019-04-15T15:37:00
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2018-1095
-
ALAS-2018-1102
-
ALAS-2020-1355
-
ALAS2-2018-1095
-
ALAS2-2018-1102
-
ALAS2-2019-1168
-
ALAS2-2019-1305
-
ALPINE:CVE-2018-0495
-
ALPINE:CVE-2018-12384
-
ALPINE:CVE-2018-12404
-
ASA-201806-10
-
ASA-201810-12
-
ASA-201812-9
-
DSA-4231-1
-
DSA-4330-1
-
DSA-4354-1
-
DSA-4362-1
-
ELSA-2018-2768
-
ELSA-2018-2898
-
ELSA-2018-3221
-
ELSA-2018-3831
-
ELSA-2018-3833
-
ELSA-2019-0159
-
ELSA-2019-0160
-
ELSA-2019-2237
-
FEDORA-2018-1a7a5c54c2
-
FEDORA-2018-1ea5beb4cf
-
FEDORA-2018-2575edf8d3
-
FEDORA-2018-34f7f68029
-
FEDORA-2018-4a21a8ca59
-
FEDORA-2018-6788454ab6
-
FEDORA-2018-98ab6b4e56
-
FEDORA-2018-a78b2ef820
-
FEDORA-2018-c72d2d89ec
-
FEDORA-2018-eaa7de17ae
-
FEDORA-2018-fd194a1f14
-
FEDORA-2019-a8ffcff7ee
-
FREEBSD:9B5162DE-6F39-11E8-818E-E8E0B747A45A
-
FREEBSD:D10B49B2-8D02-49E8-AFDE-0844626317AF
-
GLSA-201811-10
-
GLSA-201903-04
-
MFSA-2018-29
-
MFSA-2018-30
-
MFSA-2018-31
-
openSUSE-SU-2018:3835-1
-
openSUSE-SU-2019:0183-1
-
openSUSE-SU-2019:0249-1
-
openSUSE-SU-2019:0251-1
-
openSUSE-SU-2019:1758-1
-
RHSA-2018:2768
-
RHSA-2018:2898
-
RHSA-2018:3004
-
RHSA-2018:3221
-
RHSA-2018:3831
-
RHSA-2018:3833
-
RHSA-2019:0159
-
RHSA-2019:0160
-
RHSA-2019:2237
-
SSA:2018-164-01
-
SSA:2018-337-01
-
SSA:2018-345-01
-
SUSE-SU-2018:1993-1
-
SUSE-SU-2018:2089-1
-
SUSE-SU-2018:2452-2
-
SUSE-SU-2018:4235-1
-
SUSE-SU-2018:4236-1
-
SUSE-SU-2019:0273-1
-
SUSE-SU-2019:0338-1
-
USN-3689-1
-
USN-3689-2
-
USN-3692-1
-
USN-3692-2
-
USN-3844-1
-
USN-3850-1
-
USN-3850-2
-
USN-3868-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |