MGASA-2018-0305

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2018-0305.html
Import Source
https://advisories.mageia.org/MGASA-2018-0305.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0305
Related
Published
2018-07-01T17:17:14Z
Modified
2018-07-01T16:41:19Z
Summary
Updated firefox packages fix security vulnerability
Details

Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188).

Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359).

Mozilla: Use-after-free using focus() (CVE-2018-12360).

Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156).

Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362).

Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363).

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364).

Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365).

Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366).

References
Credits

Affected packages

Mageia:6 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.9.0-1.mga6

Ecosystem specific 

{
    "section": "core"
}

Mageia:6 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.9.0-1.mga6

Ecosystem specific 

{
    "section": "core"
}