Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates

13th December 2018

Mozilla has released a security update stating that it has discovered the following issues with Microsoft FireFox ver 64.0:

a) A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.

b) A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.

c) A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.

d) A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property can cause a redirection to another site using performance.getEntries().

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/