Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-198.020419: TT-CSIRT Advisory – FireFox Security Updates

TTCSIRT-198.020419: TT-CSIRT Advisory – FireFox Security Updates

Mozilla has released a security update stating that the following issues have been discovered in Mozilla FireFox ver 65.0:

a) A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations – (CVE-2018-18504).

b) A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements – (CVE-2018-18500).

c) When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations – (CVE-2018-18503).

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/