| Errata ID | 330 |
|---|---|
| Date | 2018-04-18 |
| Source package | firefox-esr |
| Fixed in version | 52.7.3esr-1~deb8u1 |
| Description | This update addresses the following issues: * CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList * CVE-2018-5129: Out-of-bounds write with malformed IPC messages * CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption * CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources * CVE-2018-5144: Integer overflow during Unicode conversion * CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 * CVE-2018-5146: Vorbis audio processing out of bounds write * CVE-2018-5147: Out of bounds memory write in libtremor * CVE-2018-5148: Use-after-free in compositor potentially allows code execution |
| Additional notes | |
| CVE ID | CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5125 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 |
| UCS Bug number | #46689 |
