Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2019-04

Security vulnerabilities fixed in Firefox 65.0.1

Announced
February 12, 2019
Impact
high
Products
Firefox
Fixed in
  • Firefox 65.0.1

#CVE-2018-18356: Use-after-free in Skia

Reporter
Tran Tien Hung of Viettel Cyber Security
Impact
high
Description

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.

References

#CVE-2019-5785: Integer overflow in Skia

Reporter
Ivan Fratric of Google Project Zero
Impact
high
Description

An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.

References

#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext

Reporter
AaylaSecura1138
Impact
high
Description

Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.
Note: This only affects Firefox 65. Previous versions are unaffected.

References