Release Security Updates (December 21, 2018)

Ref# Mozilla | Date: Jan 20th 2019

Description

The Mozilla Foundation has released fixes for several security vulnerabilities in Firefox 64 and Firefox ESR 60.4. Of these vulnerabilities, 2 are rated critical, 5 high, 3 moderate and 1 low in impact.

The vulnerabilities addressed with these security updates are: 

Critical
  • Memory safety bugs fixed in Firefox 64 (CVE-2018-12406)

          https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129

  • Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

          https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471

High
  • Buffer overflow with ANGLE library when using vertexBuffer11 module (CVE-2018-12407)

          https://bugzilla.mozilla.org/show_bug.cgi?id=1488295

          https://bugzilla.mozilla.org/show_bug.cgi?id=1499861

  • Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18793)

          https://bugzilla.mozilla.org/show_bug.cgi?id=1504452

  • Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

          https://bugzilla.mozilla.org/show_bug.cgi?id=1487964

Low
  • Integer overflow when calculating buffer sizes for images (CVE-2018-18498)

          https://bugzilla.mozilla.org/show_bug.cgi?id=1500011

Reference

Mozilla Foundation Security

https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/