CLD-585 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s) fixed-in-60.3.0, mfsa2018-17

Basic Information:

Affected Package(s) firefox
Deficiency Type SECURITY
Date Created 2018-10-23 12:40:26
Date Last Modified 2018-10-23 14:39:39

Version Specific Information:

Cucumber 1.0 i686 fixed in firefox-60.3.0esr-i686-1
Cucumber 1.0 x86_64 fixed in firefox-60.3.0esr-x86_64-1

Cucumber 1.1 i686 fixed in firefox-60.3.0esr-i686-1
Cucumber 1.1 x86_64 fixed in firefox-60.3.0esr-x86_64-1

Details:

Fixed several CVEs:
CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
CVE-2018-12392: Crash with nested event loops
CVE-2018-12393: Integer overflow during Unicode conversion while loading
	JavaScript
CVE-2018-12395: WebExtension bypass of domain restrictions through header
	rewriting
CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
CVE-2018-12397: 
CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

For more information see:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/