Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2325-1 Final 1 1 2018-08-14T13:58:21Z current 2018-08-14T13:58:21Z 2018-08-14T13:58:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-MozillaFirefox-13723,sleposp3-MozillaFirefox-13723,slessp3-MozillaFirefox-13723,slessp4-MozillaFirefox-13723 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ Link for SUSE-SU-2018:2325-1 https://lists.suse.com/pipermail/sle-security-updates/2018-August/004413.html E-Mail link for SUSE-SU-2018:2325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1098998 SUSE Bug 1098998 https://www.suse.com/security/cve/CVE-2018-12359/ SUSE CVE CVE-2018-12359 page https://www.suse.com/security/cve/CVE-2018-12360/ SUSE CVE CVE-2018-12360 page https://www.suse.com/security/cve/CVE-2018-12362/ SUSE CVE CVE-2018-12362 page https://www.suse.com/security/cve/CVE-2018-12363/ SUSE CVE CVE-2018-12363 page https://www.suse.com/security/cve/CVE-2018-12364/ SUSE CVE CVE-2018-12364 page https://www.suse.com/security/cve/CVE-2018-12365/ SUSE CVE CVE-2018-12365 page https://www.suse.com/security/cve/CVE-2018-12366/ SUSE CVE CVE-2018-12366 page https://www.suse.com/security/cve/CVE-2018-12368/ SUSE CVE CVE-2018-12368 page https://www.suse.com/security/cve/CVE-2018-5156/ SUSE CVE CVE-2018-5156 page https://www.suse.com/security/cve/CVE-2018-5188/ SUSE CVE CVE-2018-5188 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox-devel-52.9.0esr-72.38.6 MozillaFirefox-52.9.0esr-72.38.6 MozillaFirefox-translations-52.9.0esr-72.38.6 MozillaFirefox-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox-translations-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 MozillaFirefox-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS MozillaFirefox-translations-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS MozillaFirefox-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-translations-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-translations-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-translations-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-devel-52.9.0esr-72.38.6 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12359 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12359.html CVE-2018-12359 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12360 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12360.html CVE-2018-12360 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12362 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12362.html CVE-2018-12362 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12363 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12363.html CVE-2018-12363 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12364 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12364.html CVE-2018-12364 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12365 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12365.html CVE-2018-12365 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12366 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12366.html CVE-2018-12366 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-12368 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-12368.html CVE-2018-12368 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-5156 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-5156.html CVE-2018-5156 https://bugzilla.suse.com/1098998 SUSE Bug 1098998 Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. CVE-2018-5188 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Point of Sale 11 SP3:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-LTSS:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-52.9.0esr-72.38.6 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-52.9.0esr-72.38.6 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-52.9.0esr-72.38.6 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182325-1/ https://www.suse.com/security/cve/CVE-2018-5188.html CVE-2018-5188 https://bugzilla.suse.com/1098998 SUSE Bug 1098998