Out of bounds memory write while processing Vorbis audio data
- March 16, 2018
- Firefox, Firefox ESR
- Fixed in
- Firefox 59.0.1
- Firefox ESR 52.7.2
- Richard Zhu via Trend Micro's Zero Day Initiative
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
- Huzaifa Sidhpurwala
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.
*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.