FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
libvorbis < 1.3.6,3
libtremor < 1.2.1.s20180316
firefox < 59.0.1,1
waterfox < 56.0.4.36_3
linux-seamonkey < 2.49.3
seamonkey < 2.49.3
firefox-esr < 52.7.2,1
linux-firefox < 52.7.2,2
libxul < 52.7.3
linux-thunderbird < 52.7.0
thunderbird < 52.7.0

Details

VuXML ID 7943794f-707f-4e31-9fea-3bbf1ddcedc1
Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.

References

CVE Name CVE-2018-5146
CVE Name CVE-2018-5147
URL https://www.mozilla.org/security/advisories/mfsa2018-08/
URL https://www.mozilla.org/security/advisories/mfsa2018-09/