Fedora Magazine - https://fedoramagazine.org/critical-firefox-vulnerability-fixed-59-0-1/
On Friday, Mozilla issued a security advisory for Firefox, the default web browser in Fedora. This advisory centered around two CVEs — both of which allowed an out of bounds memory write while processing Vorbis audio data, leading to arbitrary code execution. CVE-2018-5146 is against the bundled library libvorbis that Firefox ships to process Vorbis audio on most architectures. CVE-2018-5147 is against libtremor, which firefox bundles for the same task on ARM architectures.
At the same time as the security advisory was issued, Mozilla released Firefox 59.0.1 that fixes these issues.
Updating Firefox in Fedora
At the time of writing,