Mozilla Firefox Security Updates (mfsa_2018-11_2018-12) - MAC OS X
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Insight
Multiple flaws exist due to:
- Use-after-free error with SVG animations and clip paths.
- Use-after-free error with SVG animations and text paths.
- Same-origin bypass of PDF Viewer to view protected PDF files.
- Malicious PDF can inject JavaScript into PDF Viewer.
- Integer overflow and out-of-bounds write errors in Skia.
- Uninitialized memory use by WebRTC encoder.
- WebExtensions information leak error through webRequest API.
- Out-of-bounds read error in mixed content websocket messages.
- Replacing cached data in JavaScript Start-up Bytecode Cache.
- CSP not applied to all multipart content sent with multipart/x-mixed-replace.
- WebExtension host permission bypass error through filterResponseData.
- Improper linkification of chrome: and javascript: content in web console and JavaScript debugger.
- Lightweight themes can be installed without user interaction.
- Dragging and dropping link text onto home button can set home page to include chrome pages.
- Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer.
- File name spoofing of Downloads panel with Unicode characters.
- Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update.
- Universal CSP bypass error on sites using strict-dynamic in their policies.
- JSON Viewer script injection.
- Buffer overflow error in XSLT during number formatting.
- Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox.
- Heap-use-after-free error in mozilla::WebGLContext::DrawElementsInstanced.
- Memory safety bugs fixed in Firefox 60.
Affected Software
Mozilla Firefox versions before 60 on Mac OS X.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to Mozilla Firefox version 60 or later. Please see the references for more information.
Common Vulnerabilities and Exposures (CVE)
- CVE-2018-5154
- CVE-2018-5155
- CVE-2018-5157
- CVE-2018-5158
- CVE-2018-5159
- CVE-2018-5160
- CVE-2018-5152
- CVE-2018-5153
- CVE-2018-5163
- CVE-2018-5164
- CVE-2018-5166
- CVE-2018-5167
- CVE-2018-5168
- CVE-2018-5169
- CVE-2018-5172
- CVE-2018-5173
- CVE-2018-5174
- CVE-2018-5175
- CVE-2018-5176
- CVE-2018-5177
- CVE-2018-5180
- CVE-2018-5181
- CVE-2018-5182
- CVE-2018-5151
- CVE-2018-5150
- CVE-2018-5165