FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 64.0_3,1
waterfox < 56.2.6
linux-seamonkey < 2.49.5
seamonkey < 2.49.5
firefox-esr < 60.4.0,1
linux-firefox < 60.4.0,2
libxul < 60.4.0
linux-thunderbird < 60.4.0
thunderbird < 60.4.0

Details

VuXML ID d10b49b2-8d02-49e8-afde-0844626317af
Discovery 2018-12-11
Entry 2018-12-11

Mozilla Foundation reports:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

References

CVE Name CVE-2018-12405
CVE Name CVE-2018-12406
CVE Name CVE-2018-12407
CVE Name CVE-2018-17466
CVE Name CVE-2018-18492
CVE Name CVE-2018-18493
CVE Name CVE-2018-18494
CVE Name CVE-2018-18495
CVE Name CVE-2018-18496
CVE Name CVE-2018-18497
CVE Name CVE-2018-18498
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/