Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2019-05

Security vulnerabilities fixed in Firefox ESR 60.5.1

Announced
February 12, 2019
Impact
high
Products
Firefox ESR
Fixed in
  • Firefox ESR 60.5.1

#CVE-2018-18356: Use-after-free in Skia

Reporter
Tran Tien Hung of Viettel Cyber Security
Impact
high
Description

A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.

References

#CVE-2019-5785: Integer overflow in Skia

Reporter
Ivan Fratric of Google Project Zero
Impact
high
Description

An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.

References

#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D

Reporter
Anonymous
Impact
high
Description

A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default.

References