AVG-727 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 60.0.2-1
Fixed 61.0-1
Current 71.0-1 [extra]
Ticket None
Created Wed Jun 27 12:17:20 2018
Issue Severity Remote Type Description
CVE-2018-12371 Medium Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0  and Thunderbird before 60.0, when allocating memory...
CVE-2018-12370 Low Yes Access restriction bypass
In the Reader View of Firefox before 61.0, SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader...
CVE-2018-12369 Medium Yes Access restriction bypass
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization before Firefox 61.0. This allowed a malicious...
CVE-2018-12367 Medium Yes Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of...
CVE-2018-12366 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non- simple...
CVE-2018-12363 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12361 Critical Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed...
CVE-2018-12360 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
CVE-2018-12358 High Yes Same-origin policy bypass
Service workers in Firefox before 61.0 can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to...
CVE-2018-12356 High Yes Arbitrary code execution
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of...
CVE-2018-5188 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5187 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5186 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with...
Date Advisory Package Description
27 Jun 2018 ASA-201806-14 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15