TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates
Mozilla has released a security update stating that it has discovered the following issues with Microsoft FireFox ver 64.0:
a) A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.
b) A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
c) A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
d) A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property can cause a redirection to another site using performance.getEntries().
| Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/ |