Security update for MozillaFirefox

Announcement ID:	SUSE-SU-2018:0374-1
Rating:	important
References:	bsc#1077291
Cross-References:	CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117
CVSS scores:	CVE-2018-5089 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5089 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5091 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5091 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5095 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5095 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5096 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5096 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5097 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5097 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5098 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5098 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5099 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5099 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5102 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5102 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5103 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5103 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5104 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5104 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-5117 ( SUSE ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2018-5117 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:	SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 LTSS 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Linux Enterprise Software Development Kit 12 12-SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE OpenStack Cloud 6

An update that solves 11 vulnerabilities can now be installed.

Description:

This update for MozillaFirefox to version 52.6 several issues.

These security issues were fixed:

• CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291).
• CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291).
• CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).
• CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291).
• CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291).
• CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).
• CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).
• CVE-2018-5089: Fixed several memory safety bugs (bsc#1077291).
• CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291).
• CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).
• CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 6
  zypper in -t patch SUSE-OpenStack-Cloud-6-2018-263=1
• SUSE Linux Enterprise Desktop 12 SP2
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-263=1
• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-263=1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-263=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-263=1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-263=1
• SUSE Linux Enterprise Software Development Kit 12 SP3
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-263=1
• SUSE Linux Enterprise Server 12 LTSS 12
  zypper in -t patch SUSE-SLE-SERVER-12-2018-263=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-263=1
• SUSE Linux Enterprise High Performance Computing 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-263=1
• SUSE Linux Enterprise Server 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-263=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-263=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-263=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-263=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-263=1

Package List:

• SUSE OpenStack Cloud 6 (x86_64)
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Desktop 12 SP2 (x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (aarch64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Software Development Kit 12 12-SP2 (aarch64 ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
• SUSE Linux Enterprise Software Development Kit 12 SP3 (aarch64 ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-devel-52.6.0esr-109.13.1
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise High Performance Computing 12 SP2 (aarch64 x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server 12 SP2 (aarch64 ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • MozillaFirefox-debuginfo-52.6.0esr-109.13.1
  • MozillaFirefox-debugsource-52.6.0esr-109.13.1
  • MozillaFirefox-52.6.0esr-109.13.1
  • MozillaFirefox-translations-52.6.0esr-109.13.1

References:

• https://www.suse.com/security/cve/CVE-2018-5089.html
• https://www.suse.com/security/cve/CVE-2018-5091.html
• https://www.suse.com/security/cve/CVE-2018-5095.html
• https://www.suse.com/security/cve/CVE-2018-5096.html
• https://www.suse.com/security/cve/CVE-2018-5097.html
• https://www.suse.com/security/cve/CVE-2018-5098.html
• https://www.suse.com/security/cve/CVE-2018-5099.html
• https://www.suse.com/security/cve/CVE-2018-5102.html
• https://www.suse.com/security/cve/CVE-2018-5103.html
• https://www.suse.com/security/cve/CVE-2018-5104.html
• https://www.suse.com/security/cve/CVE-2018-5117.html
• https://bugzilla.suse.com/show_bug.cgi?id=1077291