AVG-659 log
| Package | firefox |
| Status | Not affected |
| Severity | Critical |
| Type | arbitrary code execution |
| Affected | 59.0-2 |
| Fixed | 59.0.1-1 |
| Current | 145.0-1 [extra] |
| Ticket | None |
| Created | Mon Mar 19 11:18:58 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-5147 | Critical | Yes | Arbitrary code execution | An out of bounds memory write vulnerability has been discovered in libtremor while processing Vorbis audio data related to codebooks that are not an exact... |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/#CVE-2018-5146 https://bugzilla.mozilla.org/show_bug.cgi?id=1446062 |
| Notes |
|---|
The libtremor library has the same flaw as CVE-2018-5146. This library is only used by Firefox in place of libvorbis on Android and ARM platforms. |