TTCSIRT-138.062918: TT-CSIRT Advisory – Mozilla Security Updates

TTCSIRT-138.062918: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following vulnerabilities Firefox ESR 52.9:

a) Buffer overflow using computed size of canvas element – CVE-2018-12359.

b) Use-after-free when using focus() – CVE-2018-12360.

c) Integer overflow in SSSE3 scaler – CVE-2018-12362.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/