Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3262 firefox-esr security update 25 October 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox-esr Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-12397 CVE-2018-12396 CVE-2018-12395 CVE-2018-12393 CVE-2018-12392 CVE-2018-12390 CVE-2018-12389 Reference: ESB-2018.3261 ASB-2018.0270.2 Original Bulletin: http://www.debian.org/security/2018/dsa-4324 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4324-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2018 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure. For the stable distribution (stretch), these problems have been fixed in version 60.3.0esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvQ16YACgkQEMKTtsN8 TjZv3xAAgWGRErng46ANuMUv4t7bso4DssecB5svhtq+K7Dwu70l/NbuPVMD2Fie z9CDcwv0Ot0uhaduqiJTW5ebI6BToYD/YpfDv6KitSCrMB/AXu7dzHzv7yNxQUyX v6dU8/46SFae3F3to8D/w9Dcqj06TdX4pjc8zu5Xc9f7JQQ2vvbEK022LB6pDiGx GlZiKBFEsGo0ksDBaFgfNnTfw6fbRzduQua61x7KFyoXR8i3g3b0rvewrIsMNDQI jhLGHEjDYodMnJzsj1hdnBtBoQmIBaVxYMdinesS2nq22bAHbTb5ptF5ffLkAU95 gVcLToSh6hPXWAIjy45oBir2G7EN0Q7IAp75YkKEjtAjNuHS9ixPThvVxQCQa27r CS/1G6NkryUzsWRgMKjnrcGceL7uSpaw4kPgYiPpZk6tNR+yiUgkI7uoAphhjSgQ kTKSQEioRBXSMH/dnbeJ7TUX0bF4xL0uZQYVQYcGaTdbRt+TQKKvwvEGwYujeXxB 6x4l2BA9u0Ta8sgz9xju7FAUAkUERaJ7eccVo+4FBaqG5RgM8VLPJaczBZiT/rKQ MjdqyzPjI1tC6JDfHssFulnPmw6QE2rGfRV6xHYCvcO9xN49u/QWjrHNyGMPBZW9 Blcu1ZjVYNj7EAF8G2RzbFTrlMMga5eSGqS/K139wnDtxRh/jYI= =g9Hk - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW9EO62aOgq3Tt24GAQjmRBAAyiHWznVTN8hLtrr305Bozq7gNWeYnLXi DGA19INRIO4kNS39EzxfvZ0piwSqFwjMz27A1w/JyyWClFHwEqP5n7o6U9PF5x+j VjwYlWGzKv8QmeZ8mL2seNmjXLgrsaW+je30qO1gwaLwaD62OotLaj6QvcIt+MKG UL074oxaJYbWdQ95dAm7vt7x3NpaGeLldcrACMV8oBuuaC6Qs2zbBa9w/jOQ9ArR dvKxdvGBsCl9WV5SCZr6gr1Epb6ojGgw86w06FfaXCwrjKHUQdNdS93WvDneB0po WSFw+ELAUKjqqi7IXBCcDLxXykmG9Kt6HN3cfbAtcHtslcrOvzZ3HJO+USrza+6a fLGOO3LY68SgDyrzWZMFMZagcRaHuqNbgNx82oIkr3Iv/2DxQog76AkepTNPJy5q jweTaTXZKNhKM1i1tpCChqpPs1bnNoJUIPQQpHJto+TeQY1h5z9rKWd4VIn65j7w JmyQrOKbYVUx5nXd3eIj+yMWaVK5ea1sM623BEq/JZieTTMMlL0NCmOPUPQn85/Z 1AKRQku5sTg+LkyIS2MFbokRL6+1/SmapYvxD60JykwThYkt9/KiROPqStZ0w3QO vOE5BS3lJ/jpO4asOACwMtYM4ACR9V4ZHHefQNZXRpDJGyATV9wtUou9jMhLfdoL ztAaBqLPx5U= =xH5b -----END PGP SIGNATURE-----