[MFSA-2019-04] Security vulnerabilities fixed in Firefox 65.0.1
Severity: High
Affected Packages: 1
Fixed Packages: 1
CVEs: 3
CVE-2018-18356: Use-after-free in Skia (high)
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.

CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (high)
Cross-origin images can be read from a `canvas` element in violation of the same-origin policy using the `transferFromImageBitmap` method.
Note: This only affects Firefox 65. Previous versions are unaffected.

CVE-2019-5785: Integer overflow in Skia (high)
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
Package | Affected Version |
---|---|
pkg:mozilla/Firefox | < 65.0.1 |
Package | Fixed Version |
---|---|
pkg:mozilla/Firefox | = 65.0.1 |
- ID: MFSA-2019-04
- Severity: high
- URL: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04
- Published: 2019-02-12T00:00:00
- Modified: 2019-02-12T00:00:00
- Other Advisories:
- ALAS2-2019-1229
- ALPINE:CVE-2018-18356
- ALPINE:CVE-2018-18511
- ALPINE:CVE-2019-5785
- ASA-201812-2
- ASA-201902-16
- ASA-201902-23
- DSA-4352-1
- DSA-4391-1
- DSA-4392-1
- DSA-4448-1
- DSA-4451-1
- ELSA-2019-0373
- ELSA-2019-0374
- ELSA-2019-1265
- ELSA-2019-1267
- ELSA-2019-1269
- ELSA-2019-1308
- ELSA-2019-1309
- ELSA-2019-1310
- FEDORA-2019-348547a32d
- FEDORA-2019-859384e002
- FREEBSD:18211552-F650-4D86-BA4F-E6D5CBFCDBEB
- FREEBSD:546D4DD4-10EA-11E9-B407-080027EF1A23
- GLSA-201903-04
- GLSA-201904-07
- GLSA-201908-18
- MFSA-2019-05
- MFSA-2019-06
- MFSA-2019-14
- MFSA-2019-15
- openSUSE-SU-2018:4143-1
- openSUSE-SU-2019:0248-1
- openSUSE-SU-2019:0249-1
- openSUSE-SU-2019:0251-1
- openSUSE-SU-2019:1126-1
- openSUSE-SU-2019:1162-1
- openSUSE-SU-2019:1534-1
- openSUSE-SU-2019:1664-1
- RHSA-2018:3803
- RHSA-2019:0373
- RHSA-2019:0374
- RHSA-2019:0680
- RHSA-2019:0681
- RHSA-2019:1144
- RHSA-2019:1265
- RHSA-2019:1267
- RHSA-2019:1269
- RHSA-2019:1308
- RHSA-2019:1309
- RHSA-2019:1310
- SSA:2019-044-01
- SSA:2019-045-01
- SSA:2019-141-01
- SUSE-SU-2019:0469-1
- SUSE-SU-2019:0852-1
- SUSE-SU-2019:0853-1
- SUSE-SU-2019:0871-1
- SUSE-SU-2019:1458-1
- USN-3896-1
- USN-3897-1
- USN-3997-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1525817 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1525817 |
Bugzilla | 1526218 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1526218 |
Bugzilla | 1525433 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1525433 |
 | | The Curious Case of Convexity Confusion | https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html |