| Errata ID | 386 |
|---|---|
| Date | 2018-12-19 |
| Source package | firefox-esr |
| Fixed in version | 60.4.0esr-1~deb9u1 |
| Description | This update addresses the following issues: * Memory safety bugs fixed (CVE-2018-12405) * Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 (CVE-2018-17466) * Use-after-free with select element (CVE-2018-18492) * Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Integer overflow when calculating buffer sizes for images (CVE-2018-18498) |
| Additional notes | |
| CVE ID | CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 |
| UCS Bug number | #48319 |
