{"id":"MGASA-2018-0248","summary":"Updated firefox packages fix security vulnerabilities","details":"Updated firefox packages fix security vulnerabilities:\n\nMozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150).\n\nMozilla: Backport critical security fixes in Skia (CVE-2018-5183).\n\nMozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).\n\nMozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).\n\nMozilla: Same-origin bypass of PDF Viewer to view protected PDF files\n(CVE-2018-5157).\n\nMozilla: Malicious PDF can inject JavaScript into PDF Viewer\n(CVE-2018-5158).\n\nMozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).\n\nMozilla: Lightweight themes can be installed without user interaction\n(CVE-2018-5168).\n\nMozilla: Buffer overflow during UTF-8 to Unicode string conversion through\nlegacy extension (CVE-2018-5178).\n\nRootcerts has been updated to 20180411.\n","modified":"2026-04-16T01:49:09.832250128Z","published":"2018-05-17T10:54:59Z","upstream":["CVE-2018-5150","CVE-2018-5153","CVE-2018-5154","CVE-2018-5155","CVE-2018-5157","CVE-2018-5158","CVE-2018-5159","CVE-2018-5168","CVE-2018-5178"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0248.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23031"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/"},{"type":"WEB","url":"https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2018:1415"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.8.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0248.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.8.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0248.json"}},{"package":{"name":"nss","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.6-1.4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0248.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20180411.00-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}