[MFSA-2019-04] Security vulnerabilities fixed in Firefox 65.0.1

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 3

CVE-2018-18356: Use-after-free in Skia (high)
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (high)
Cross-origin images can be read from a <code>canvas</code> element in violation of the same-origin policy using the <code>transferFromImageBitmap</code> method.
Note: This only affects Firefox 65. Previous versions are unaffected.
CVE-2019-5785: Integer overflow in Skia (high)
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.

Package	Affected Version
pkg:mozilla/Firefox	< 65.0.1

Package	Fixed Version
pkg:mozilla/Firefox	= 65.0.1

ID

MFSA-2019-04

Severity

high

URL

Published

2019-02-12T00:00:00
(5 years ago)

Modified

2019-02-12T00:00:00
(5 years ago)

Other Advisories

Source	# ID	Name	URL
Bugzilla	1525817		https://bugzilla.mozilla.org/show_bug.cgi?id=1525817
Bugzilla	1526218		https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
Bugzilla	1525433		https://bugzilla.mozilla.org/show_bug.cgi?id=1525433
		The Curious Case of Convexity Confusion	https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:mozilla/Firefox		Firefox	< 65.0.1
Fixed	pkg:mozilla/Firefox		Firefox	= 65.0.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date