Government of the Republic of Trinidad and Tobago                                                                                                                                        


TTCSIRT-198.020419: TT-CSIRT Advisory – FireFox Security Updates

4th February 2019

Mozilla has released a security update stating that the following issues have been discovered in Mozilla FireFox ver 65.0:

a) A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations – (CVE-2018-18504).

b) A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements – (CVE-2018-18500).

c) When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations – (CVE-2018-18503).

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at