CLD-410 Details

Other IDs this deficiency may be known by:

Other ID(s) fixed-in-27.9.2

Basic Information:

Affected Package(s) palemoon
Deficiency Type SECURITY
Date Created 2018-05-21 16:33:41
Date Last Modified 2018-05-21 16:38:48

Version Specific Information:

Cucumber 1.0 i686fixed in palemoon-27.9.2-i686-1
Cucumber 1.0 x86_64fixed in palemoon-27.9.2-x86_64-1

Cucumber 1.1 i686 fixed in palemoon-27.9.2-i686-1
Cucumber 1.1 x86_64 fixed in palemoon-27.9.2-x86_64-1


Details from

We changed the language strings for softblocked items so people will cry less
	when we do our job.
(CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
(CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some
	Unicode characters, allowing for the file name to be spoofed. This
	could be used to obscure the file extension of potentially executable
	files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer
	overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library
	resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
	attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
	conversion within JavaScript with extremely large amounts of data. This
	vulnerability requires the use of a malicious or vulnerable extension
	in order to occur.
Fixed several stability issues (crashes) and memory safety hazards.