Advisories ยป MGASA-2018-0202

Updated firefox packages fix security vulnerability

Publication date: 15 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5125 , CVE-2018-5127 , CVE-2018-5129 , CVE-2018-5130 , CVE-2018-5131 , CVE-2018-5144 , CVE-2018-5145 , CVE-2018-5148


Memory safety bugs fixed in Firefox ESR 52.7 (CVE-2018-5125).

Buffer overflow manipulating SVG animatedPathSegList (CVE-2018-5127).

Out-of-bounds write with malformed IPC messages (CVE-2018-5129).

Mismatched RTP payload type can trigger memory corruption (CVE-2018-5130).

Fetch API improperly returns cached copies of no-store/no-cache resources

Integer overflow during Unicode conversion (CVE-2018-5144).

Memory safety bugs fixed in Firefox ESR 52.7 (CVE-2018-5145).

A use-after-free vulnerability can occur in the compositor during certain
graphics operations when a raw pointer is used instead of a reference counted
one. This results in a potentially exploitable crash (CVE-2018-5148).