2018-05-23
ALT-BU-2018-3261-1
Branch c8 update bulletin.
Package firefox-esr updated to version 52.7.3-alt0.M80C.1 for branch c8 in task 203029.
Closed vulnerabilities
Published: 2018-06-11
BDU:2021-04143
Уязвимость браузеров Mozilla Firefox, Firefox ESR, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 103506
- 103506
- 1040574
- 1040574
- RHSA-2018:1098
- RHSA-2018:1098
- RHSA-2018:1099
- RHSA-2018:1099
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440717
- https://bugzilla.mozilla.org/show_bug.cgi?id=1440717
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1321-1] firefox-esr security update
- [debian-lts-announce] 20180327 [SECURITY] [DLA 1321-1] firefox-esr security update
- USN-3609-1
- USN-3609-1
- DSA-4153
- DSA-4153
- https://www.mozilla.org/security/advisories/mfsa2018-10/
- https://www.mozilla.org/security/advisories/mfsa2018-10/