Government of the Republic of Trinidad and Tobago

TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates

TTCSIRT-189.121318: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has discovered the following issues with Microsoft FireFox ver 64.0:

a) A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module.

b) A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.

c) A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.

d) A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property can cause a redirection to another site using performance.getEntries().

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at