MGASA-2018-0480

Buffer overflow using computed size of canvas element. (CVE-2018-12359)

Use-after-free when using focus(). (CVE-2018-12360)

Integer overflow in SwizzleData. (CVE-2018-12361)

Integer overflow in SSSE3 scaler. (CVE-2018-12362)

Media recorder segmentation fault when track type is changed during capture. (CVE-2018-5156)

Use-after-free when appending DOM nodes. (CVE-2018-12363)

CSRF attacks through 307 redirects and NPAPI plugins. (CVE-2018-12364)

Compromised IPC child process can list local filenames. (CVE-2018-12365)

Integer overflow in Skia library during edge builder allocation. (CVE-2018-12371)

Invalid data handling during QCMS transformations. (CVE-2018-12366)

Timing attack mitigation of PerformanceNavigationTiming. (CVE-2018-12367)

No warning when opening executable SettingContent-ms files. (CVE-2018-12368)

Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60. (CVE-2018-5187)

Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60. (CVE-2018-5188)

Use-after-free in refresh driver timers. (CVE-2018-12377)

Use-after-free in IndexedDB. (CVE-2018-12378)

Out-of-bounds write with malicious MAR file. (CVE-2018-12379)

Proxy bypass using automount and autofs. (CVE-2017-16541)

Crash in TransportSecurityInfo due to cached data. (CVE-2018-12385)

Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords. (CVE-2018-12383)

Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1. (CVE-2018-12376)

HTTP Live Stream audio data is accessible cross-origin. (CVE-2018-12391)

Crash with nested event loops. (CVE-2018-12392)

Integer overflow during Unicode conversion while loading JavaScript. (CVE-2018-12393)

Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3. (CVE-2018-12389)

Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3. (CVE-2018-12390)