AVG-833

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 63.0.3-1
Fixed 64.0-1
Current 64.0.2-1 [extra]
Ticket None
Created Wed Dec 12 09:14:05 2018
Issue Severity Remote Type Description
CVE-2018-18497 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed...
CVE-2018-18495 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of...
CVE-2018-18494 High Yes Same-origin policy bypass
A same-origin policy violation has been found in Firefox < 64.0, allowing the theft of cross-origin URL entries when using the JavaScript location property...
CVE-2018-18493 High Yes Arbitrary code execution
A buffer overflow can occur in the Skia library used by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to...
CVE-2018-18492 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection.
CVE-2018-17466 Medium Yes Arbitrary code execution
A buffer overflow and out-of-bounds read have been found in the TextureStorage11 function of the Angle library, as used in the Chromium browser before...
CVE-2018-12407 High Yes Arbitrary code execution
A buffer overflow has been found in the Angle library used for WebGL content by Firefox < 64.0, when drawing and validating elements with the VertexBuffer11 module.
CVE-2018-12406 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-12405 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
Date Advisory Package Description
12 Dec 2018 ASA-201812-9 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/