[3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498)
CVE-2018-12405: Memory safety bugs
CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library
with TextureStorage11
CVE-2018-18492: Use-after-free with select element
CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Same-origin policy violation using location attribute
and performance.getEntries to steal cross-origin URLs
CVE-2018-18498: Integer overflow when calculating buffer sizes for
images
Fixed In Version:
firefox ESR 60.4
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
(from redmine: issue id 9767, created on 2018-12-13, closed on 2019-04-08)
- Relations:
- parent #9766 (closed)