説明
Multiple serious vulnerabilities were found in Mozilla Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions.
Below is a complete list of vulnerabilities:
- An use-after-free vulnerability in Skia can be exploited remotely via specially crafted website to execute arbitrary code;
- An integer overflow vulnerability in Skia can be exploited remotely via specially crafted website to cause denial of service;
- A cross-origin theft of images issue in ImageBitmapRenderingContext can be exploited to bypass security restrictions
- A buffer overflow vulnerability in Skia can be exploited remotely via specially crafted website to cause denial of service;
Technical details
Vulnerability (3) only affects Firefox 65.
Vulnerability (4) only affects Firefox ESR on macOS
オリジナルアドバイザリー
エクスプロイテーション
Public exploits exist for this vulnerability.
関連製品
CVEリスト
- CVE-2018-18335 critical
- CVE-2018-18356 critical
- CVE-2019-5785 high
- CVE-2018-18511 warning
も参照してください
お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com
この脆弱性についての記述に不正確な点がありますか? お知らせください!