advisories/24258.adv

type: security
subject: Updated firefox packages fix security vulnerabilities
CVE:
 - CVE-2018-18500
 - CVE-2018-18501
 - CVE-2018-18505
src:
  6:
   core:
     - nss-3.36.7-1.mga6
     - firefox-60.5.0-1.mga6
     - firefox-l10n-60.5.0-1.mga6
description: |
  Use-after-free parsing HTML5 stream (CVE-2018-18500).

  Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  (CVE-2018-18501).

  Privilege escalation through IPC channel messages (CVE-2018-18505).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24258
 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
 - https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
 - https://access.redhat.com/errata/RHSA-2019:0219
ID: MGASA-2019-0060
1	type: security
2	subject: Updated firefox packages fix security vulnerabilities
3	CVE:
4	- CVE-2018-18500
5	- CVE-2018-18501
6	- CVE-2018-18505
7	src:
8	6:
9	core:
10	- nss-3.36.7-1.mga6
11	- firefox-60.5.0-1.mga6
12	- firefox-l10n-60.5.0-1.mga6
13	description: \|
14	Use-after-free parsing HTML5 stream (CVE-2018-18500).
15
16	Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
17	(CVE-2018-18501).
18
19	Privilege escalation through IPC channel messages (CVE-2018-18505).
20	references:
21	- https://bugs.mageia.org/show_bug.cgi?id=24258
22	- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes
23	- https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
24	- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
25	- https://access.redhat.com/errata/RHSA-2019:0219
26	ID: MGASA-2019-0060