Errata ID | 129 |
---|---|
Date | 2018-07-04 |
Source package | firefox-esr |
Fixed in version | 52.9.0esr-1~deb9u1 |
Description | This update addresses the following issues: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156); Memory safety bugs fixed (CVE-2018-5188); Heap buffer overflow rasterizing paths in SVG with Skia (CVE-2018-6126); Buffer overflow using computed size of canvas element (CVE-2018-12359); Use-after-free when using focus() (CVE-2018-12360); Integer overflow in SSSE3 scaler (CVE-2018-12362); Use-after-free when appending DOM nodes (CVE-2018-12363); CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364); Compromised IPC child process can list local filenames (CVE-2018-12365); Invalid data handling during QCMS transformations (CVE-2018-12366); No warning when opening executable SettingContent-ms (CVE-2018-12368) |
Additional notes | |
CVE ID | CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-5156 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5188 CVE-2018-6126 |
UCS Bug number | #47285 |