AVG-896

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 65.0-2
Fixed 65.0.1-1
Current 68.0.1-2 [extra]
Ticket None
Created Wed Feb 13 09:00:15 2019
Issue Severity Remote Type Description
CVE-2019-5785 High Yes Arbitrary code execution
An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18511 High Yes Same-origin policy bypass
A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of firefox 65.0, where cross- origin images can be read...
CVE-2018-18356 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.
Date Advisory Package Description
13 Feb 2019 ASA-201902-16 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/