FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 63.0_1,1
waterfox < 56.2.5
linux-seamonkey < 2.49.5
seamonkey < 2.49.5
firefox-esr < 60.3.0,1
linux-firefox < 60.3.0,2
libxul < 60.3.0
linux-thunderbird < 60.3.0
thunderbird < 60.3.0

Details

VuXML ID 7c3a02b9-3273-4426-a0ba-f90fad2ff72e
Discovery 2018-10-23
Entry 2018-10-23

Mozilla Foundation reports:

CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin

CVE-2018-12392: Crash with nested event loops

CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript

CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting

CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts

CVE-2018-12397:

CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs

CVE-2018-12399: Spoofing of protocol registration notification bar

CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android

CVE-2018-12401: DOS attack through special resource URI parsing

CVE-2018-12402: SameSite cookies leak when pages are explicitly saved

CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP

CVE-2018-12388: Memory safety bugs fixed in Firefox 63

CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

References

CVE Name CVE-2018-12388
CVE Name CVE-2018-12390
CVE Name CVE-2018-12391
CVE Name CVE-2018-12392
CVE Name CVE-2018-12393
CVE Name CVE-2018-12395
CVE Name CVE-2018-12396
CVE Name CVE-2018-12397
CVE Name CVE-2018-12398
CVE Name CVE-2018-12399
CVE Name CVE-2018-12400
CVE Name CVE-2018-12401
CVE Name CVE-2018-12402
CVE Name CVE-2018-12403
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/