SUSE-SU-2018:4235-1 -- SLES libfreebl3, libsoftokn3, mozilla-nspr, mozilla-nss, MozillaFirefoxID: oval:org.secpod.oval:def:89049682 | Date: (C)2023-12-20 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
Product: |
libfreebl3 |
libsoftokn3 |
mozilla-nspr |
mozilla-nss |
MozillaFirefox |