[3.7] firefox-esr: Multiple vulnerabilities (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145, CVE-2018-5147)
CVE-2018-5125: Memory safety bugs
CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
CVE-2018-5129: Out-of-bounds write with malformed IPC messages
CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
CVE-2018-5144: Integer overflow during Unicode conversion
CVE-2018-5145: Memory safety bugs
Fixed In Version:
Firefox ESR 52.7
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
CVE-2018-5147: Out of bounds memory write in libtremor
Fixed In Version:
Firefox ESR 52.7.2
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
(from redmine: issue id 8702, created on 2018-03-21, closed on 2018-04-03)
- Relations:
  - copied_to #8700 (closed)
  - parent #8700 (closed)
- Changesets:
  - Revision f8701de7 on 2018-04-02T17:31:15Z:
    main/tiff: fix CVE-2018-5784
    fixes #8702
  - Revision 92b32600 by Natanael Copa on 2018-04-02T18:28:39Z:
    community/firefox-esr: security upgrade to 52.7.2
    fixes #8702
CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
CVE-2018-5129: Out-of-bounds write with malformed IPC messages
CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources
CVE-2018-5144: Integer overflow during Unicode conversion
CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7