FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 62.0_1,1
waterfox < 56.2.3
linux-seamonkey < 2.49.5
seamonkey < 2.49.5
firefox-esr < 60.2.0_1,1
linux-firefox < 60.2.0,2
libxul < 60.2
linux-thunderbird < 60.2
thunderbird < 60.2

Details

VuXML ID c96d416a-eae7-4d5d-bc84-40deca9329fb
Discovery 2018-09-05
Entry 2018-09-05
Modified 2018-09-15

Mozilla Foundation reports:

CVE-2018-12377: Use-after-free in refresh driver timers

CVE-2018-12378: Use-after-free in IndexedDB

CVE-2018-12379: Out-of-bounds write with malicious MAR file

CVE-2017-16541: Proxy bypass using automount and autofs

CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation

CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android

CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords

CVE-2018-12375: Memory safety bugs fixed in Firefox 62

CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2

References

CVE Name CVE-2017-16541
CVE Name CVE-2018-12375
CVE Name CVE-2018-12376
CVE Name CVE-2018-12377
CVE Name CVE-2018-12378
CVE Name CVE-2018-12379
CVE Name CVE-2018-12381
CVE Name CVE-2018-12382
CVE Name CVE-2018-12383
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/