This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. * Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. This results in a potentially exploitable crash. * A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
* A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. * Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. This update addresses the following issue(s): New Debian firefox-esr 52.9.0esr-1~deb8u1 fixes:
0 kommentar(er)
