CLD-636 Details
Other IDs this deficiency may be known by:
| CVE ID |
None |
| Other ID(s) |
fixed-in-60.4.0 |
Basic Information:
| Affected Package(s) |
firefox |
| Deficiency Type |
SECURITY |
| Date Created |
2018-12-15 12:52:33 |
| Date Last Modified |
2018-12-15 12:55:52 |
Version Specific Information:
| Cucumber 1.1 i686 |
fixed in firefox-60.4.0esr-i686-1 |
| Cucumber 1.1 x86_64 |
fixed in firefox-60.4.0esr-x86_64-1 |
Details:
Fixes the following CVEs:
CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
CVE-2018-18492: Use-after-free with select element
CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
CVE-2018-18498: Integer overflow when calculating buffer sizes for images
CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
For details on these vulnerabilities, see Mozilla's official report at
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/