FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 58.0_1,1
waterfox < 56.0.3.63
linux-seamonkey < 2.49.2
seamonkey < 2.49.2
firefox-esr < 52.6.0_1,1
linux-firefox < 52.6.0,2
libxul < 52.6.0
linux-thunderbird < 52.6.0
thunderbird < 52.6.0

Details

VuXML ID a891c5b4-3d7a-4de9-9c71-eef3fd698c77
Discovery 2018-01-23
Entry 2018-01-23
Modified 2018-01-29

Mozilla Foundation reports:

CVE-2018-5091: Use-after-free with DTMF timers

CVE-2018-5092: Use-after-free in Web Workers

CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing

CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory

CVE-2018-5095: Integer overflow in Skia library during edge builder allocation

CVE-2018-5097: Use-after-free when source document is manipulated during XSLT

CVE-2018-5098: Use-after-free while manipulating form input elements

CVE-2018-5099: Use-after-free with widget listener

CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory

CVE-2018-5101: Use-after-free with floating first-letter style elements

CVE-2018-5102: Use-after-free in HTML media elements

CVE-2018-5103: Use-after-free during mouse event handling

CVE-2018-5104: Use-after-free during font face manipulation

CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts

CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker

CVE-2018-5107: Printing process will follow symlinks for local file access

CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs

CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution

CVE-2018-5110: Cursor can be made invisible on OS X

CVE-2018-5111: URL spoofing in addressbar through drag and drop

CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel

CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow

CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts

CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs

CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access

CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right

CVE-2018-5118: Activity Stream images can attempt to load local content through file:

CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers

CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar

CVE-2018-5122: Potential integer overflow in DoCrypt

CVE-2018-5090: Memory safety bugs fixed in Firefox 58

CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

[source]

References

CVE Name CVE-2018-5089
CVE Name CVE-2018-5090
CVE Name CVE-2018-5091
CVE Name CVE-2018-5092
CVE Name CVE-2018-5093
CVE Name CVE-2018-5094
CVE Name CVE-2018-5095
CVE Name CVE-2018-5097
CVE Name CVE-2018-5098
CVE Name CVE-2018-5099
CVE Name CVE-2018-5100
CVE Name CVE-2018-5101
CVE Name CVE-2018-5102
CVE Name CVE-2018-5103
CVE Name CVE-2018-5104
CVE Name CVE-2018-5105
CVE Name CVE-2018-5106
CVE Name CVE-2018-5107
CVE Name CVE-2018-5108
CVE Name CVE-2018-5109
CVE Name CVE-2018-5110
CVE Name CVE-2018-5111
CVE Name CVE-2018-5112
CVE Name CVE-2018-5113
CVE Name CVE-2018-5114
CVE Name CVE-2018-5115
CVE Name CVE-2018-5116
CVE Name CVE-2018-5117
CVE Name CVE-2018-5118
CVE Name CVE-2018-5119
CVE Name CVE-2018-5121
CVE Name CVE-2018-5122
URL https://www.mozilla.org/security/advisories/mfsa2018-02/
URL https://www.mozilla.org/security/advisories/mfsa2018-03/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.