Vulnerability & Exploit Database

Back to search

FreeBSD: VID-D10B49B2-8D02-49E8-AFDE-0844626317AF (CVE-2018-18493): mozilla -- multiple vulnerabilities

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 11, 2018 December 12, 2018 December 12, 2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-D10B49B2-8D02-49E8-AFDE-0844626317AF:

Mozilla Foundation reports:

CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module

CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Use-after-free with select element

CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18495: WebExtension content scripts can be loaded in about: pages

CVE-2018-18496: Embedded feed preview page can be abused for clickjacking

CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators

CVE-2018-18498: Integer overflow when calculating buffer sizes for images

CVE-2018-12406: Memory safety bugs fixed in Firefox 64

CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

freebsd-upgrade-package-firefox