FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 59.0_1,1
waterfox <
linux-seamonkey < 2.49.3
seamonkey < 2.49.3
firefox-esr < 52.7.0,1
linux-firefox < 52.7.0,2
libxul < 52.7.0
linux-thunderbird < 52.7.0
thunderbird < 52.7.0


VuXML ID c71cdc95-3c18-45b7-866a-af28b59aabb5
Discovery 2018-03-13
Entry 2018-03-13
Modified 2018-03-16

Mozilla Foundation reports:

CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList

CVE-2018-5128: Use-after-free manipulating editor selection ranges

CVE-2018-5129: Out-of-bounds write with malformed IPC messages

CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption

CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources

CVE-2018-5132: WebExtension Find API can search privileged pages

CVE-2018-5133: Value of the preference is not properly sanitized

CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions

CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts

CVE-2018-5136: Same-origin policy violation with data: URL shared workers

CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources

CVE-2018-5138: Android Custom Tab address spoofing through long domain names

CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol

CVE-2018-5141: DOS attack through notifications Push API

CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs

CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar

CVE-2018-5126: Memory safety bugs fixed in Firefox 59

CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7


CVE Name CVE-2018-5125
CVE Name CVE-2018-5126
CVE Name CVE-2018-5127
CVE Name CVE-2018-5128
CVE Name CVE-2018-5129
CVE Name CVE-2018-5130
CVE Name CVE-2018-5131
CVE Name CVE-2018-5132
CVE Name CVE-2018-5133
CVE Name CVE-2018-5134
CVE Name CVE-2018-5135
CVE Name CVE-2018-5136
CVE Name CVE-2018-5137
CVE Name CVE-2018-5138
CVE Name CVE-2018-5140
CVE Name CVE-2018-5141
CVE Name CVE-2018-5142
CVE Name CVE-2018-5143