CLD-410 Details
Other IDs this deficiency may be known by:
| CVE ID |
None |
| Other ID(s) |
fixed-in-27.9.2 |
Basic Information:
| Affected Package(s) |
palemoon |
| Deficiency Type |
SECURITY |
| Date Created |
2018-05-21 16:33:41 |
| Date Last Modified |
2018-05-21 16:38:48 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in palemoon-27.9.2-i686-1 |
| Cucumber 1.0 x86_64 | fixed in palemoon-27.9.2-x86_64-1 |
| Cucumber 1.1 i686 |
fixed in palemoon-27.9.2-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in palemoon-27.9.2-x86_64-1 |
Details:
Details from https://www.palemoon.org/releasenotes.shtml:
We changed the language strings for softblocked items so people will cry less
when we do our job.
(CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
(CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some
Unicode characters, allowing for the file name to be spoofed. This
could be used to obscure the file extension of potentially executable
files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer
overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library
resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
conversion within JavaScript with extremely large amounts of data. This
vulnerability requires the use of a malicious or vulnerable extension
in order to occur.
Fixed several stability issues (crashes) and memory safety hazards.