Advisories ยป MGASA-2018-0483

Updated firefox packages fix security vulnerabilities

Publication date: 15 Dec 2018
Modification date: 15 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-12405 , CVE-2018-17466 , CVE-2018-18492 , CVE-2018-18493 , CVE-2018-18494 , CVE-2018-18498

Description

A buffer overflow and out-of-bounds read can occur in TextureStorage11
within the ANGLE graphics library, used for WebGL content. This results
in a potentially exploitable crash (CVE-2018-17466).

A use-after-free vulnerability can occur after deleting a selection
element due to a weak reference to the select element in the options
collection. This results in a potentially exploitable crash
(CVE-2018-18492).

A buffer overflow can occur in the Skia library during buffer offset
calculations with hardware accelerated canvas 2D actions due to the use
of 32-bit calculations instead of 64-bit. This results in a potentially
exploitable crash (CVE-2018-18493).

A same-origin policy violation allowing the theft of cross-origin URL
entries when using the Javascript location property to cause a
redirection to another site using performance.getEntries(). This is a
same-origin policy violation and could allow for data theft
(CVE-2018-19494).

A potential vulnerability leading to an integer overflow can occur during
buffer size calculations for images when a raw value is used instead of
the checked value. This leads to a possible out-of-bounds write
(CVE-2018-18498).

Memory safety bugs present in Firefox ESR 60.3, some of which showed
evidence of memory corruption and we presume that with enough effort
that some of these could be exploited to run arbitrary code
(CVE-2018-12405).
                

References

SRPMS

6/core