MGASA-2018-0483

A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash (CVE-2018-17466).

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash (CVE-2018-18492).

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash (CVE-2018-18493).

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft (CVE-2018-19494).

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write (CVE-2018-18498).

Memory safety bugs present in Firefox ESR 60.3, some of which showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2018-12405).