SUSE-SU-2018:2890-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89049646 | Date: (C)2022-04-19 (M)2022-04-18 |
Class: PATCH | Family: unix |
This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The "security.pki.distrust_ca_policy" preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation . - CVE-2017-16541: Proxy bypass using automount and autofs . - CVE-2018-12376: Various memory safety bugs . - CVE-2018-12377: Use-after-free in refresh driver timers . - CVE-2018-12378: Use-after-free in IndexedDB . - CVE-2018-12379: Out-of-bounds write with malicious MAR file .
Platform: |
SUSE Linux Enterprise Desktop 15 |