[FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1] mozilla -- multiple vulnerabilities
Severity
Critical
Affected Packages
9
CVEs
2
The Mozilla Foundation reports:
CVE-2018-5146: Out of bounds memory write in libvorbis
An out of bounds memory write while processing Vorbis
audio data was reported through the Pwn2Own contest.
CVE-2018-5147: Out of bounds memory write in libtremor
The libtremor library has the same flaw as
CVE-2018-5146. This library is used by Firefox in place of
libvorbis on Android and ARM platforms.
| Package | Affected Version |
|---|---|
 pkg:freebsd/waterfox
|
< 56.0.4.36_3 |
|
pkg:freebsd/thunderbird
|
< 52.7.0 |
|
pkg:freebsd/seamonkey
|
< 2.49.3 |
|
pkg:freebsd/linux-firefox
|
< 52.7.2,2 |
|
pkg:freebsd/libxul
|
< 52.7.3 |
|
pkg:freebsd/libvorbis
|
< 1.3.6,3 |
|
pkg:freebsd/libtremor
|
< 1.2.1.s20180316 |
|
pkg:freebsd/firefox-esr
|
< 52.7.2,1 |
|
pkg:freebsd/firefox
|
< 59.0.1,1 |
- ID
- FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1
- Severity
- critical
- Severity from
- CVE-2018-5147
- URL
- http://vuxml.freebsd.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html
- Published
-
2018-03-16T00:00:00
(6 years ago) - Modified
-
2018-03-16T00:00:00
(6 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ALAS-2018-981
-
ALAS2-2018-981
-
ALPINE:CVE-2018-5146
-
ASA-201803-12
-
ASA-201803-13
-
ASA-201803-21
-
ASA-201803-22
-
DSA-4140-1
-
DSA-4141-1
-
DSA-4143-1
-
DSA-4155-1
-
ELSA-2018-0549
-
ELSA-2018-0647
-
ELSA-2018-0648
-
ELSA-2018-0649
-
ELSA-2018-1058
-
FEDORA-2018-061bafe369
-
FEDORA-2018-3de9cb411f
-
FEDORA-2018-def329f680
-
FEDORA-2018-f26d891469
-
FEDORA-2019-2e385f97e2
-
GLSA-201811-13
-
MFSA-2018-08
-
MFSA-2018-09
-
openSUSE-SU-2018:0818-1
-
openSUSE-SU-2018:0819-1
-
RHSA-2018:0549
-
RHSA-2018:0647
-
RHSA-2018:0648
-
RHSA-2018:0649
-
RHSA-2018:1058
-
SSA:2018-076-01
-
SUSE-SU-2018:0783-1
-
SUSE-SU-2018:0784-1
-
SUSE-SU-2018:0850-1
-
SUSE-SU-2018:0907-1
-
USN-3545-1
-
USN-3599-1
-
USN-3604-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
||
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/waterfox |
waterfox
|
< 56.0.4.36_3 | ||||
| Affected | pkg:freebsd/thunderbird |
thunderbird
|
< 52.7.0 | ||||
| Affected | pkg:freebsd/seamonkey |
seamonkey
|
< 2.49.3 | ||||
| Affected | pkg:freebsd/linux-firefox |
linux-firefox
|
< 52.7.2,2 | ||||
| Affected | pkg:freebsd/libxul |
libxul
|
< 52.7.3 | ||||
| Affected | pkg:freebsd/libvorbis |
libvorbis
|
< 1.3.6,3 | ||||
| Affected | pkg:freebsd/libtremor |
libtremor
|
< 1.2.1.s20180316 | ||||
| Affected | pkg:freebsd/firefox-esr |
firefox-esr
|
< 52.7.2,1 | ||||
| Affected | pkg:freebsd/firefox |
firefox
|
< 59.0.1,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |