[3.8] firefox-esr: Multiple vulnerabilities (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183)
CVE-2018-5150: Memory safety bugs
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5168: Lightweight themes can be installed without user interaction
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5183: Backport critical security fixes in Skia
Fixed In:
Firefox ESR 52.8
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/
(from redmine: issue id 8891, created on 2018-05-16, closed on 2018-05-22)
- Relations:
- copied_to #8890 (closed)
- parent #8890 (closed)
- Changesets:
- Revision 7fc2bf34 by Natanael Copa on 2018-05-21T16:04:24Z:
community/firefox-esr: security upgrade to 52.8.0
fixes #8891