Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

CVE-2018-5104 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-12387 | CRITICAL | CVSS 9.1 | fixed in firefox 62.0.3-1 (sid) | 2018
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox
debian
CVE-2018-5128 | CRITICAL | CVSS 9.8 | fixed in firefox 59.0-1 (sid) | 2018
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)
debian
CVE-2018-5098 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-18504 | CRITICAL | CVSS 9.8 | fixed in firefox 65.0-1 (sid) | 2018
A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. Scope: local; sid: resolved (fixed in 65.0-1)
debian
CVE-2018-12407 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64. Scope: local; sid: resolved (fixed in 64.0-1)
debian
CVE-2018-5116 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. Scope: local
debian
CVE-2018-5155 | CRITICAL | CVSS 9.8 | fixed in firefox 60.0-1 (sid) | 2018
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Scope: local; sid: resolved (fixed in 60.0-1)
debian
CVE-2018-5156 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope: local; sid: resolved (fixed in 61
debian
CVE-2018-12378 | CRITICAL | CVSS 9.8 | fixed in firefox 62.0-1 (sid) | 2018
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Scope: local; sid: resolved (fixed in 62.0-1)
debian
CVE-2018-5092 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-5188 | CRITICAL | CVSS 9.8 | fixed in firefox 61.0-1 (sid) | 2018
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Scope:
debian
CVE-2018-5090 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-18505 | CRITICAL | CVSS 10.0 | fixed in firefox 65.0-1 (sid) | 2018
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. Th
debian
CVE-2018-18493 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Scope: local; sid: resolved (fixed in 64.0-1)
debian
CVE-2018-5099 | CRITICAL | CVSS 9.8 | fixed in firefox 58.0-1 (sid) | 2018
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Scope: local; sid: resolved (fixed in 58.0-1)
debian
CVE-2018-12376 | CRITICAL | CVSS 9.8 | fixed in firefox 62.0-1 (sid) | 2018
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Scope: local; sid: resolved (fixed in 62.0-1)
debian
CVE-2018-5126 | CRITICAL | CVSS 9.8 | fixed in firefox 59.0-1 (sid) | 2018
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. Scope: local; sid: resolved (fixed in 59.0-1)
debian
CVE-2018-18502 | CRITICAL | CVSS 9.8 | fixed in firefox 65.0-1 (sid) | 2018
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. Scope: local; sid: resolved (fixed in 65.0-1)
debian
CVE-2018-18498 | CRITICAL | CVSS 9.8 | fixed in firefox 64.0-1 (sid) | 2018
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Scope: local; sid: resolved (fixed in 64.0-1)
debian