Firefox
Get the only browser built for people, not profit.
- Desktop
- Mobile
- Extensions
- Support
- Blog
Pocket
When you find something you want to view later, put it in Pocket.
- Get Pocket
Internet Health
Internet Health is crucial for the world to thrive. A healthy Internet is one that is private, inclusive, and collaborative.
Technology
Participate and explore our latest innovations — technology built in the open and designed to help keep the Internet healthy.
About Us
We’re Mozilla, the proudly non-profit champions of a healthy Internet – keeping it open and accessible to all.
- Our Mission
- Our History
- Leadership
- Foundation
- Blogs
- Careers
- Contact Us
Get Involved
You can help Mozilla keep the Internet healthy – attend an event, volunteer, or make a donation.
- Give
- Volunteer
- Events

Mozilla Foundation Security Advisory 2018-08

Out of bounds memory write while processing Vorbis audio data

Announced

March 16, 2018

Impact

critical

Products

Firefox, Firefox ESR

Fixed in

Firefox 59.0.1
Firefox ESR 52.7.2

#CVE-2018-5146: Out of bounds memory write in libvorbis

Reporter: Richard Zhu via Trend Micro's Zero Day Initiative
Impact: critical

Description

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

References

Bug 1446062

#CVE-2018-5147: Out of bounds memory write in libtremor

Reporter: Huzaifa Sidhpurwala
Impact: critical

Description

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.

References

Bug 1446365