CLD-636 Details

Other IDs this deficiency may be known by:

Other ID(s) fixed-in-60.4.0

Basic Information:

Affected Package(s) firefox
Deficiency Type SECURITY
Date Created 2018-12-15 12:52:33
Date Last Modified 2018-12-15 12:55:52

Version Specific Information:

Cucumber 1.1 i686 fixed in firefox-60.4.0esr-i686-1
Cucumber 1.1 x86_64 fixed in firefox-60.4.0esr-x86_64-1


Fixes the following CVEs:

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
CVE-2018-18492: Use-after-free with select element
CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Same-origin policy violation using location attribute and
	performance.getEntries to steal cross-origin URLs
CVE-2018-18498: Integer overflow when calculating buffer sizes for images
CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

For details on these vulnerabilities, see Mozilla's official report at