{"id":"MGASA-2018-0420","summary":"Updated firefox packages fix security vulnerabilities","details":"Updated firefox packages fix security vulnerabilities:\n\nMozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389).\n\nMozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3\n(CVE-2018-12390).\n\nMozilla: Crash with nested event loops (CVE-2018-12392).\n\nMozilla: Integer overflow during Unicode conversion while loading\nJavaScript (CVE-2018-12393).\n\nMozilla: WebExtension bypass of domain restrictions through header\nrewriting (CVE-2018-12395).\n\nMozilla: WebExtension content scripts can execute in disallowed contexts\n(CVE-2018-12396).\n\nMozilla: WebExtension local file permission check bypass (CVE-2018-12397).\n","modified":"2026-01-31T04:09:33.991036Z","published":"2018-10-27T09:45:46Z","related":["CVE-2018-12389","CVE-2018-12390","CVE-2018-12392","CVE-2018-12393","CVE-2018-12395","CVE-2018-12396","CVE-2018-12397"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0420.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23751"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2018:3005"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.3.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0420.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"60.3.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0420.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.20-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0420.json"}},{"package":{"name":"nss","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.36.5-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0420.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20181001.00-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0420.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}