[FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1] mozilla -- multiple vulnerabilities
Severity
Critical
Affected Packages
9
CVEs
2
The Mozilla Foundation reports:
CVE-2018-5146: Out of bounds memory write in libvorbis
An out of bounds memory write while processing Vorbis
audio data was reported through the Pwn2Own contest.
CVE-2018-5147: Out of bounds memory write in libtremor
The libtremor library has the same flaw as
CVE-2018-5146. This library is used by Firefox in place of
libvorbis on Android and ARM platforms.
Package | Affected Version |
---|---|
pkg:freebsd/waterfox | < 56.0.4.36_3 |
pkg:freebsd/thunderbird | < 52.7.0 |
pkg:freebsd/seamonkey | < 2.49.3 |
pkg:freebsd/linux-firefox | < 52.7.2,2 |
pkg:freebsd/libxul | < 52.7.3 |
pkg:freebsd/libvorbis | < 1.3.6,3 |
pkg:freebsd/libtremor | < 1.2.1.s20180316 |
pkg:freebsd/firefox-esr | < 52.7.2,1 |
pkg:freebsd/firefox | < 59.0.1,1 |
- ID
- FREEBSD:7943794F-707F-4E31-9FEA-3BBF1DDCEDC1
- Severity
- critical
- Severity from
- CVE-2018-5147
- URL
- http://vuxml.freebsd.org/freebsd/7943794f-707f-4e31-9fea-3bbf1ddcedc1.html
- Published
-
2018-03-16T00:00:00
(6 years ago) - Modified
-
2018-03-16T00:00:00
(6 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2018-981
- ALAS2-2018-981
- ALPINE:CVE-2018-5146
- ASA-201803-12
- ASA-201803-13
- ASA-201803-21
- ASA-201803-22
- DSA-4140-1
- DSA-4141-1
- DSA-4143-1
- DSA-4155-1
- ELSA-2018-0549
- ELSA-2018-0647
- ELSA-2018-0648
- ELSA-2018-0649
- ELSA-2018-1058
- FEDORA-2018-061bafe369
- FEDORA-2018-3de9cb411f
- FEDORA-2018-def329f680
- FEDORA-2018-f26d891469
- FEDORA-2019-2e385f97e2
- GLSA-201811-13
- MFSA-2018-08
- MFSA-2018-09
- openSUSE-SU-2018:0818-1
- openSUSE-SU-2018:0819-1
- RHSA-2018:0549
- RHSA-2018:0647
- RHSA-2018:0648
- RHSA-2018:0649
- RHSA-2018:1058
- SSA:2018-076-01
- SUSE-SU-2018:0783-1
- SUSE-SU-2018:0784-1
- SUSE-SU-2018:0850-1
- SUSE-SU-2018:0907-1
- USN-3545-1
- USN-3599-1
- USN-3604-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.mozilla.org/security/advisories/mfsa2018-08/ | ||
FreeBSD VuXML | https://www.mozilla.org/security/advisories/mfsa2018-09/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/waterfox | waterfox | < 56.0.4.36_3 | ||||
Affected | pkg:freebsd/thunderbird | thunderbird | < 52.7.0 | ||||
Affected | pkg:freebsd/seamonkey | seamonkey | < 2.49.3 | ||||
Affected | pkg:freebsd/linux-firefox | linux-firefox | < 52.7.2,2 | ||||
Affected | pkg:freebsd/libxul | libxul | < 52.7.3 | ||||
Affected | pkg:freebsd/libvorbis | libvorbis | < 1.3.6,3 | ||||
Affected | pkg:freebsd/libtremor | libtremor | < 1.2.1.s20180316 | ||||
Affected | pkg:freebsd/firefox-esr | firefox-esr | < 52.7.2,1 | ||||
Affected | pkg:freebsd/firefox | firefox | < 59.0.1,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |