From 766c7c46383e45c6bff43a3e5eff02e04013940a Mon Sep 17 00:00:00 2001
From: Jan Beich
Date: Fri, 8 Jun 2018 07:52:39 +0000
Subject: security/vuxml: mark firefox < 60.0.2 as vulnerable

---
 security/vuxml/vuln.xml | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
(limited to 'security')

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3721cbc3b992..78c13333a74d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,47 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + firefox -- Heap buffer overflow rasterizing paths in SVG with Skia + + + firefox + 60.0.2,1 + + + waterfox + 56.2.0.13_5 + + + firefox-esr + 52.8.1,1 + + + seamonkey + linux-seamonkey + 2.49.4 + + + + +

The Mozilla Foundation reports:

+
+

A heap buffer overflow can occur in the Skia library when + rasterizing paths using a maliciously crafted SVG file + with anti-aliasing turned off. This results in a + potentially exploitable crash.

+
+ +
+ + https://www.mozilla.org/security/advisories/mfsa2018-14/ + + + 2018-06-06 + 2018-06-08 + +
+ Flash Player -- multiple vulnerabilities -- cgit v1.2.3
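
Review bot: the affected-package list in the new entry names linux-seamonkey next to seamonkey, but lists firefox, waterfox and firefox-esr with no linux- counterpart, even though the comment directly above the entry says "Do not forget port variants". If Linux-binary variants of those ports exist and bundle the same Skia code, they should be added with their own fixed versions, or the commit message should say why they are left out. Two smaller points from the visible text: the references section carries only the advisory URL (mfsa2018-14), so adding the CVE identifier from that advisory would let CVE-based lookups match this entry; and the subject line mentions only firefox < 60.0.2 while the entry also marks waterfox, firefox-esr and seamonkey ranges, which is worth reflecting in the commit message.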