AVG-896 log

Package	firefox
Status	Fixed
Severity	High
Type	multiple issues
Affected	65.0-2
Fixed	65.0.1-1
Current	125.0.2-1 [extra]
Ticket	None
Created	Wed Feb 13 09:00:15 2019

Issue	Severity	Remote	Type	Description
CVE-2019-5785	High	Yes	Arbitrary code execution	An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18511	High	Yes	Same-origin policy bypass	A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of firefox 65.0, where cross- origin images can be read...
CVE-2018-18356	High	Yes	Arbitrary code execution	A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.

Issue

Severity

Remote

Type

Description

CVE-2019-5785

High

Yes

Arbitrary code execution

An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1.

CVE-2018-18511

High

Yes

Same-origin policy bypass

A cross-origin theft of images issue has been found in the ImageBitmapRenderingContext component of firefox 65.0, where cross- origin images can be read...

CVE-2018-18356

High

Yes

Arbitrary code execution

A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.

Date	Advisory	Package	Type
13 Feb 2019	ASA-201902-16	firefox	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/