Security update for Mozilla Firefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2996-1 Final 1 1 2018-10-04T07:35:50Z current 2018-10-04T07:35:50Z 2018-10-04T07:35:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Mozilla Firefox This update for Mozilla Firefox to version 60.2.2esr contains the following security fixes (MFSA 2018-24): - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00002.html E-Mail link for openSUSE-SU-2018:2996-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 MozillaFirefox-60.2.2-118.1 MozillaFirefox-branding-upstream-60.2.2-118.1 MozillaFirefox-buildsymbols-60.2.2-118.1 MozillaFirefox-devel-60.2.2-118.1 MozillaFirefox-translations-common-60.2.2-118.1 MozillaFirefox-translations-other-60.2.2-118.1 MozillaFirefox-60.2.2-118.1 as a component of openSUSE Leap 42.3 MozillaFirefox-branding-upstream-60.2.2-118.1 as a component of openSUSE Leap 42.3 MozillaFirefox-buildsymbols-60.2.2-118.1 as a component of openSUSE Leap 42.3 MozillaFirefox-devel-60.2.2-118.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-common-60.2.2-118.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-other-60.2.2-118.1 as a component of openSUSE Leap 42.3 A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. CVE-2018-12386 openSUSE Leap 42.3:MozillaFirefox-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-devel-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-translations-common-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-translations-other-60.2.2-118.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00002.html https://www.suse.com/security/cve/CVE-2018-12386.html CVE-2018-12386 https://bugzilla.suse.com/1110506 SUSE Bug 1110506 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. CVE-2018-12387 openSUSE Leap 42.3:MozillaFirefox-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-branding-upstream-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-buildsymbols-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-devel-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-translations-common-60.2.2-118.1 openSUSE Leap 42.3:MozillaFirefox-translations-other-60.2.2-118.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00002.html https://www.suse.com/security/cve/CVE-2018-12387.html CVE-2018-12387 https://bugzilla.suse.com/1110507 SUSE Bug 1110507