firefox-esr: Multiple vulnerabilities (CVE-2018-18335, CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2019-5785)
CVE-2018-18500: Use-after-free parsing HTML5 stream
CVE-2018-18501: Memory safety bugs
CVE-2018-18505: Privilege escalation through IPC channel messages
Fixed In Version:
Firefox ESR 60.5
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
CVE-2018-18356: Use-after-free in Skia
CVE-2019-5785: Integer overflow in Skia
Fixed In Version:
Firefox ESR 60.5.1
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
(from redmine: issue id 10057, created on 2019-03-05, closed on 2019-03-27)
- Relations:
- child #10058 (closed)
- child #10059 (closed)