Opened 5 years ago
Closed 5 years ago
#11668 closed enhancement (fixed)
firefox-65.0.1 (CVE-2018-18356 CVE-2019-5785 CVE-2018-18511)
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | 8.4 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Change History (3)
comment:1 by , 5 years ago
| Priority: | normal → high |
|---|---|
| Summary: | firefox-65.0.1 → firefox-65.0.1 (CVE-2018-18356 CVE-2019-5785 CVE-2018-18511) |
comment:2 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Diffing to 65.0, lots of changes in the test data, particularly certificates used in tests, and also to css tests (newer version of Win10 is referenced). The python configury for system libvpx has been changed (used to require >= 1.5.0, now requires >= 1.7.0 - but since the actual code has not changed, the reported breakage from 1.8.0 (which I have not installed) will persist.
Will test and re-measure.
Note:
See TracTickets
for help on using tickets.
Fixed Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387) Improved playback of interactive Netflix videos (bug 1524500) Fixed color management not working on macOS (bug 1506495) Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696) Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817) Fixed video sizing problems during some WebRTC calls (bug 1520200) Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427) Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635) Various stability and security fixes. Developer Made support for <meta> viewport tags in Responsive Design Mode, initially enabled in Firefox 64, pref-controlled and off by default (bug 1521814). To restore the previous behavior, change the devtools.responsive.metaViewport.enabled pref to true.Mozilla Foundation Security Advisory 2019-04 Security vulnerabilities fixed in Firefox 65.0.1 Announced February 12, 2019 Impact high Products Firefox Fixed in Firefox 65.0.1 #CVE-2018-18356: Use-after-free in Skia Reporter Tran Tien Hung of Viettel Cyber Security Impact high Description A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. References Bug 1525817 #CVE-2019-5785: Integer overflow in Skia Reporter Ivan Fratric of Google Project Zero Impact high Description An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. References Bug 1525433 The Curious Case of Convexity Confusion #CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext Reporter AaylaSecura1138 Impact high Description Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Note: This only affects Firefox 65. Previous versions are unaffected. References Bug 1526218