This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. (CVE-2018-5099) - A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. (CVE-2018-5098) - A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This results in a potentially exploitable crash. (CVE-2018-5097) - A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. (CVE-2018-5096) - A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. (CVE-2018-5095) - A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. (CVE-2018-5091) - An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. (CVE-2018-5089) - A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-5145) - Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-5144) - Memory safety bugs were reported in Firefox ESR 52.6. (CVE-2018-5131) - An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. (CVE-2018-5130) - Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. (CVE-2018-5129) - When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. This can potentially allow for sandbox escape through memory corruption in the parent process. (CVE-2018-5127) - A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. (CVE-2018-5125) - A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. Description The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Synopsis The remote machine is affected by multiple vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |