Patch/Configuration Management, Vulnerability Management

Mozilla issues critical patches for Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61

Share

Mozilla issued security advisories for Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61 with the majority being rated as critical or high.

Most of the vulnerabilities are spread over all three products including the critical rated CVE-2018- 12359, CVE-2018-12360, CVE-2018-12361 and CVE-2018-5188.

The first issue corrects a buffer overflow that can occure when rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries.

CVE-2018-12360 is a use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element.

CVE-2018-12361 in an integer overflow in SwizzleData that can occur in the code while calculating buffer sizes.

All these flaws can potentially result in an exploitable crash.

The last common vulnerability is CVE-2018-5188 is a memory safety bug that potentially has the ability to be exploited to run arbitrary code.

A critical code limited to Firefox 60 and Firefox ESR 60.1 is CVE-2018-5187, another memory safety problem that has the potential ability to run arbitrary code. The same memory code issue is covered in CVE-2018-5186 for Firefox 601.

Here is a quick breakdown of CVE by product:

Firefox ESR 60.1

CVE-2018- 12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-5187, CVE-2018-5188

Firefox ESR 52.9

CVE-2018- 12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5188

Firefox 61

CVE-2018- 12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.