firefox-esr: Multiple vulnerabilities (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183)
CVE-2018-5150: Memory safety bugs
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5168: Lightweight themes can be installed without user interaction
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5183: Backport critical security fixes in Skia
Fixed In:
Firefox ESR 52.8
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
(from redmine: issue id 8890, created on 2018-05-16, closed on 2018-05-22)
- Relations:
- copied_to #8891 (closed)
- copied_to #8892 (closed)
- child #8891 (closed)
- child #8892 (closed)