{"id":"MGASA-2018-0202","summary":"Updated firefox packages fix security vulnerability","details":"Memory safety bugs fixed in Firefox ESR 52.7 (CVE-2018-5125).\n\nBuffer overflow manipulating SVG animatedPathSegList (CVE-2018-5127).\n\nOut-of-bounds write with malformed IPC messages (CVE-2018-5129).\n\nMismatched RTP payload type can trigger memory corruption (CVE-2018-5130).\n\nFetch API improperly returns cached copies of no-store/no-cache resources\n(CVE-2018-5131).\n\nInteger overflow during Unicode conversion (CVE-2018-5144).\n\nMemory safety bugs fixed in Firefox ESR 52.7 (CVE-2018-5145).\n\nA use-after-free vulnerability can occur in the compositor during certain\ngraphics operations when a raw pointer is used instead of a reference counted\none. This results in a potentially exploitable crash (CVE-2018-5148).\n","modified":"2026-04-16T06:22:46.797227723Z","published":"2018-04-15T13:33:47Z","upstream":["CVE-2018-5125","CVE-2018-5127","CVE-2018-5129","CVE-2018-5130","CVE-2018-5131","CVE-2018-5144","CVE-2018-5145","CVE-2018-5148"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0202.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22776"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"},{"type":"WEB","url":"https://www.mozilla.org/security/known-vulnerabilities/firefox-esr/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2018:0527"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.7.3-2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0202.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.7.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0202.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0202.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}