[3.9] firefox-esr: Multiple vulnerabilities (CVE-2018-18335, CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2019-5785)
CVE-2018-18500: Use-after-free parsing HTML5 stream
CVE-2018-18501: Memory safety bugs
CVE-2018-18505: Privilege escalation through IPC channel messages
Fixed In Version: Firefox ESR 60.5
Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/

CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
CVE-2018-18356: Use-after-free in Skia
CVE-2019-5785: Integer overflow in Skia
Fixed In Version: Firefox ESR 60.5.1
Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/

(from redmine: issue id 10059, created on 2019-03-05, closed on 2019-03-27)
- Relations:
  - parent #10057 (closed)
- Changesets:
  - Revision e344011d on 2019-03-25T10:47:33Z:

        community/firefox-esr: upgrade to 60.5.2

        3 CVEs have been fixed in 60.5.1, 60.5.2 seems to be mostly a bugfix
        release. See: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/

        Fixes #10075
        fixes #10059