Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Analysis Summary
Mozilla has released security updates to address the following vulnerabilities in Firefox and Firefox ESR.
CVE-2018-18356: Use-after-free in Skia (High Impact) A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash.
CVE-2019-5785: Integer overflow in Skia (High Impact) An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash.
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext (High Impact) Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. (Only affects FireFox 65)
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D (High Impact) A buffer overflow vulnerability in the Skia library can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR.
Impact
System Crash
System Access
Affected Products
Mozilla Firefox
Mozilla Firefox ESR
Remediation
Update to the following fixed versions:
Firefox 65.0.1
Firefox ESR 60.5.1