An update that fixes 6 vulnerabilities is now available.
This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs.
Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105):
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
The following changes are included:
- now requires NSS >= 3.36.6 - Updated list of currency codes to include Unidad Previsional (UYW)
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: