An update that fixes three vulnerabilities is now available.
This update for MozillaFirefox to version 60.5.1 fixes the following issues:
Security issues fixed (bsc#1125330):
- CVE-2018-18356: Fixed a use-after-free vulnerability in Skia library. - CVE-2019-5785: Fixed an integer overflow in the Skia library. - CVE-2018-18335: Fixed a buffer overflow in Skia library with accelerated Canvas 2D by disabling Canvas 2D. This vulnerability does not affect Linux platform.
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: