Mozilla has released security updates to address the following vulnerabilities in Firefox and Firefox ESR.
CVE-2018-18356: Use-after-free in Skia (High Impact) A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
CVE-2019-5785: Integer overflow in Skia (High Impact) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (High Impact) Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (Only affects Firefox 65)
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D (High Impact) A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Mozilla Firefox ESR
Update to the following fixed versions:
Firefox ESR 60.5.1