Mozilla Foundation Security Advisory 2019-04
Security vulnerabilities fixed in Firefox 65.0.1
- February 12, 2019
- Fixed in
- Firefox 65.0.1
#CVE-2018-18356: Use-after-free in Skia
- Tran Tien Hung of Viettel Cyber Security
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
#CVE-2019-5785: Integer overflow in Skia
- Ivan Fratric of Google Project Zero
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
Cross-origin images can be read from a
canvas element in violation of the same-origin policy using the
Note: This only affects Firefox 65. Previous versions are unaffected.