AVG-862

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 64.0.2-1
Fixed 65.0-1
Current 65.0.1-1 [extra]
Ticket None
Created Thu Jan 31 18:00:05 2019
Issue Severity Remote Type Description
CVE-2018-18506 Medium Yes Access restriction bypass
When proxy auto-detection is enabled in Firefox < 65.0, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally,...
CVE-2018-18505 High No Privilege escalation
A privilege escalation issue has been found in Firefox < 65.0. An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added...
CVE-2018-18504 High Yes Arbitrary code execution
A memory corruption and out-of-bounds read have been found in Firefox < 65.0, that can occur when the buffer of a texture client is freed while it is still...
CVE-2018-18503 High Yes Arbitrary code execution
A memory corruption vulnerability has been found in the Audio Buffer component of Firefox < 65.0. When JavaScript is used to create and manipulate an audio...
CVE-2018-18502 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18501 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 65.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough...
CVE-2018-18500 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 65.0, that can occur while parsing an HTML5 stream in concert with custom HTML elements. This...
Date Advisory Package Description
06 Feb 2019 ASA-201902-2 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/