A total of four vulnerabilities have received patches and updates. The two critical issues are CVE-2018-48500 and CVE-2018-18501. The first of which is a user-after-free vulnerability that has the ability to occur when parsing an HTML5 stream in concert custom HTML elements. The parser is then free while still in use, which could cause an exploitable crash. The second are memory safety bugs that can be found in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4. A select number of the bugs had memory corruption and arbitrary code which could be used by attackers.
Analyst Notes
Users are recommended to download the proper updates and patches to help these issues. Mozilla’s page should be visited for more information.
