February 13, 2019
Analysis Summary
Mozilla has released security updates to address the following vulnerabilities in Firefox and Firefox ESR.
CVE-2018-18356: Use-after-free in Skia (High Impact)
A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
CVE-2019-5785: Integer overflow in Skia (High Impact)
An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (High Impact)
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (Only affects Firefox 65.)
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D (High Impact)
A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Impact
System Crash
System Access
Affected Products
Mozilla Firefox
Mozilla Firefox ESR
Remediation
Update to the following fixed versions:
Firefox 65.0.1
Firefox ESR 60.5.1
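The following check is an added example, not part of the original advisory: it triages an inventory of `firefox --version` strings against the two fixed versions above, comparing each install with the fixed version of its own channel so that a patched ESR 60.5.1 is not flagged for being below 65.0.1. The host names and the inventory are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed versions from the Remediation section of this advisory.
FIXED = {"release": (65, 0, 1), "esr": (60, 5, 1)}

# Matches e.g. "65.0", "65.0.1" or "60.5.0esr" inside `firefox --version` output.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,3})(esr)?", re.IGNORECASE)


def parse_firefox_version(text):
    """Return (channel, version_tuple) for a string such as 'Mozilla Firefox 60.5.0esr'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Firefox version found in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # pad "65.0" to (65, 0, 0)
    channel = "esr" if match.group(2) else "release"
    return channel, parts


def needs_update(version_text):
    """True if the install is older than the fixed version for its channel."""
    channel, version = parse_firefox_version(version_text)
    return version < FIXED[channel]


def triage(inventory):
    """Split hosts into (outdated, unknown) lists, both sorted by host name."""
    outdated, unknown = [], []
    for host, text in sorted(inventory.items()):
        try:
            if needs_update(text):
                outdated.append(host)
        except ValueError:
            unknown.append(host)  # no parsable version: review manually
    return outdated, unknown


# Constructed sample inventory (host -> output of `firefox --version`).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 65.0",
    "ws-02": "Mozilla Firefox 65.0.1",
    "ws-03": "Mozilla Firefox 60.5.0esr",
    "ws-04": "Mozilla Firefox 60.5.1esr",
    "ws-05": "Mozilla Firefox 64.0.2",
    "ws-06": "not installed",
}

if __name__ == "__main__":
    outdated, unknown = triage(SAMPLE_INVENTORY)
    print("Needs update:", ", ".join(outdated))
    print("Could not parse:", ", ".join(unknown))
```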