{"id":"MGASA-2018-0305","summary":"Updated firefox packages fix security vulnerability","details":"Mozilla: Memory safety bugs fixed in Firefox ESR 52.9 (CVE-2018-5188).\n\nMozilla: Buffer overflow using computed size of canvas element\n(CVE-2018-12359).\n\nMozilla: Use-after-free using focus() (CVE-2018-12360).\n\nMozilla: Media recorder segmentation fault when track type is changed\nduring capture (CVE-2018-5156).\n\nMozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362).\n\nMozilla: Use-after-free when appending DOM nodes (CVE-2018-12363).\n\nMozilla: CSRF attacks through 307 redirects and NPAPI plugins\n(CVE-2018-12364).\n\nMozilla: Compromised IPC child process can list local filenames\n(CVE-2018-12365).\n\nMozilla: Invalid data handling during QCMS transformations\n(CVE-2018-12366).\n","modified":"2026-01-31T08:09:39.332191Z","published":"2018-07-01T17:17:14Z","related":["CVE-2018-12359","CVE-2018-12360","CVE-2018-12362","CVE-2018-12363","CVE-2018-12364","CVE-2018-12365","CVE-2018-12366","CVE-2018-5156","CVE-2018-5188"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0305.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23233"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/"},{"type":"REPORT","url":"https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2018:2113"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0305.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0305.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}