FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)
Critical Nessus Plugin ID 106288
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Mozilla Foundation reports :
CVE-2018-5091: Use-after-free with DTMF timers
CVE-2018-5092: Use-after-free in Web Workers
CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
CVE-2018-5098: Use-after-free while manipulating form input elements
CVE-2018-5099: Use-after-free with widget listener
CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory
CVE-2018-5101: Use-after-free with floating first-letter style elements
CVE-2018-5102: Use-after-free in HTML media elements
CVE-2018-5103: Use-after-free during mouse event handling
CVE-2018-5104: Use-after-free during font face manipulation
CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts
CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker
CVE-2018-5107: Printing process will follow symlinks for local file access
CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs
CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution
CVE-2018-5110: Cursor can be made invisible on OS X
CVE-2018-5111: URL spoofing in addressbar through drag and drop
CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel
CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts
CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs
CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access
CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
CVE-2018-5118: Activity Stream images can attempt to load local content through file :
CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers
CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
CVE-2018-5122: Potential integer overflow in DoCrypt
CVE-2018-5090: Memory safety bugs fixed in Firefox 58
CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Solution
Update the affected packages.