FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
libvorbis < 1.3.6,3
libtremor < 1.2.1.s20180316
firefox < 59.0.1,1
waterfox <
linux-seamonkey < 2.49.3
seamonkey < 2.49.3
firefox-esr < 52.7.2,1
linux-firefox < 52.7.2,2
libxul < 52.7.3
linux-thunderbird < 52.7.0
thunderbird < 52.7.0


VuXML ID 7943794f-707f-4e31-9fea-3bbf1ddcedc1
Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.


CVE Name CVE-2018-5146
CVE Name CVE-2018-5147