{"id":"MGASA-2018-0097","summary":"Updated firefox packages fix security vulnerabilities","details":"Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095,\nCVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,\nCVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117).\n\nTo mitigate timing-based side-channel attacks similar to \"Spectre\" and\n\"Meltdown\", the resolution of performance.now() has been reduced from\n5μs to 20μs.\n","modified":"2026-01-31T11:54:22.626558Z","published":"2018-01-25T12:47:25Z","related":["CVE-2018-5089","CVE-2018-5091","CVE-2018-5095","CVE-2018-5096","CVE-2018-5097","CVE-2018-5098","CVE-2018-5099","CVE-2018-5102","CVE-2018-5103","CVE-2018-5104","CVE-2018-5117"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0097.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22432"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2018:0122"}],"affected":[{"package":{"name":"nspr","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0097.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20180104.00-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0097.json"}},{"package":{"name":"nss","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.6-1.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0097.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0097.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0097.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}