Security update for MozillaFirefox, mozilla-nss SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1616-1 Final 1 1 2018-06-08T14:43:52Z current 2018-06-08T14:43:52Z 2018-06-08T14:43:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox, mozilla-nss This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issue fixed in Mozilla Firefox 60.0.2 ESR: - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia (MFSA 2018-14, boo#1096449) The following bugs were fixed: - In KDE Open with option in download dialog has no effect with kmozillahelper (boo#1094747) - Startup crashes on aarch64 (boo#1093059) Mozilla Firefox now requires NSS 3.36.4 (boo#1096515). The following changes are included in NSS: - Fix issues connecting to servers recently upgraded to TLS 1.3 (SSL_RX_MALFORMED_SERVER_HELLO error) - Fix a rare bug with PKCS#12 files - Apply additional harding (relro linker option) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00011.html E-Mail link for openSUSE-SU-2018:1616-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 MozillaFirefox-60.0.2-101.1 MozillaFirefox-branding-upstream-60.0.2-101.1 MozillaFirefox-buildsymbols-60.0.2-101.1 MozillaFirefox-devel-60.0.2-101.1 MozillaFirefox-translations-common-60.0.2-101.1 MozillaFirefox-translations-other-60.0.2-101.1 libfreebl3-3.36.4-50.1 libfreebl3-32bit-3.36.4-50.1 libsoftokn3-3.36.4-50.1 libsoftokn3-32bit-3.36.4-50.1 mozilla-nss-3.36.4-50.1 mozilla-nss-32bit-3.36.4-50.1 mozilla-nss-certs-3.36.4-50.1 mozilla-nss-certs-32bit-3.36.4-50.1 mozilla-nss-devel-3.36.4-50.1 mozilla-nss-sysinit-3.36.4-50.1 mozilla-nss-sysinit-32bit-3.36.4-50.1 mozilla-nss-tools-3.36.4-50.1 MozillaFirefox-60.0.2-101.1 as a component of openSUSE Leap 42.3 MozillaFirefox-branding-upstream-60.0.2-101.1 as a component of openSUSE Leap 42.3 MozillaFirefox-buildsymbols-60.0.2-101.1 as a component of openSUSE Leap 42.3 MozillaFirefox-devel-60.0.2-101.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-common-60.0.2-101.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-other-60.0.2-101.1 as a component of openSUSE Leap 42.3 libfreebl3-3.36.4-50.1 as a component of openSUSE Leap 42.3 libfreebl3-32bit-3.36.4-50.1 as a component of openSUSE Leap 42.3 libsoftokn3-3.36.4-50.1 as a component of openSUSE Leap 42.3 libsoftokn3-32bit-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-32bit-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-certs-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-certs-32bit-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-devel-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-sysinit-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-sysinit-32bit-3.36.4-50.1 as a component of openSUSE Leap 42.3 mozilla-nss-tools-3.36.4-50.1 as a component of openSUSE Leap 42.3 A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6126 openSUSE Leap 42.3:MozillaFirefox-60.0.2-101.1 openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.0.2-101.1 openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.0.2-101.1 openSUSE Leap 42.3:MozillaFirefox-devel-60.0.2-101.1 openSUSE Leap 42.3:MozillaFirefox-translations-common-60.0.2-101.1 openSUSE Leap 42.3:MozillaFirefox-translations-other-60.0.2-101.1 openSUSE Leap 42.3:libfreebl3-3.36.4-50.1 openSUSE Leap 42.3:libfreebl3-32bit-3.36.4-50.1 openSUSE Leap 42.3:libsoftokn3-3.36.4-50.1 openSUSE Leap 42.3:libsoftokn3-32bit-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-32bit-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-certs-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-certs-32bit-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-devel-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-sysinit-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-sysinit-32bit-3.36.4-50.1 openSUSE Leap 42.3:mozilla-nss-tools-3.36.4-50.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00011.html https://www.suse.com/security/cve/CVE-2018-6126.html CVE-2018-6126 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 https://bugzilla.suse.com/1096449 SUSE Bug 1096449