SynopsisA web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.
DescriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 65.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-04 advisory.
- A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. (CVE-2018-18356)
- An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. (CVE-2019-5785)
- Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. *Note:
This only affects Firefox 65. Previous versions are unaffected.* (CVE-2018-18511)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Mozilla Firefox version 65.0.1 or later.