Mozilla issues critical patches for Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61

Mozilla issued security advisories for Firefox ESR 52.9, Firefox ESR 60.1, and Firefox 61 with the majority being rated as critical or high.

Most of the vulnerabilities are spread over all three products, including the critical-rated CVE-2018-12359, CVE-2018-12360, CVE-2018-12361 and CVE-2018-5188.

The first issue is a buffer overflow that can occur when rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries.

CVE-2018-12360 is a use-after-free vulnerability that can occur when deleting an input element during a mutation event handler triggered by focusing that element.

CVE-2018-12361 is an integer overflow in SwizzleData that can occur in the code while calculating buffer sizes.

All these flaws can potentially result in an exploitable crash.

The last common vulnerability, CVE-2018-5188, is a memory safety bug that could potentially be exploited to run arbitrary code.

A critical flaw limited to Firefox 60 and Firefox ESR 60.1 is CVE-2018-5187, another memory safety problem that could potentially be used to run arbitrary code. The same memory safety issue is covered in CVE-2018-5186 for Firefox 61.

Here is a quick breakdown of CVE by product:

Firefox ESR 60.1

CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-5187, CVE-2018-5188

Firefox ESR 52.9

CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5188

Firefox 61

CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
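
For patch management, the three fixed versions named above (Firefox 61, ESR 60.1, ESR 52.9) can be checked against a software inventory. The following is an added example, not code from Mozilla or the original article; the inventory format, host names and sample versions are constructed assumptions.

```python
import re

# Fixed releases named in the article: Firefox 61, ESR 60.1, ESR 52.9.
RELEASE_FIX = (61, 0, 0)
ESR_FIXES = {52: (52, 9, 0), 60: (60, 1, 0)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$")

def parse_version(text):
    """Parse strings such as '60.0.2' or '52.8.1esr' into (is_esr, tuple)."""
    m = VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognized Firefox version: {text!r}")
    ver = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return bool(m.group(4)), ver

def patch_status(text):
    """Return (status, fixed_version) for one installed version string."""
    is_esr, ver = parse_version(text)
    if not is_esr:
        fix = RELEASE_FIX
    elif ver[0] <= 52:
        # ESR 52 and older branches: 52.9 is the lowest fixed ESR.
        fix = ESR_FIXES[52]
    else:
        fix = ESR_FIXES[60]
    status = "patched" if ver >= fix else "vulnerable"
    label = ("ESR " if is_esr else "") + f"{fix[0]}.{fix[1]}"
    return status, label

def audit(inventory):
    """Return the rows that need attention; unparsable versions are flagged."""
    findings = []
    for host, version in inventory:
        try:
            status, fix = patch_status(version)
        except ValueError:
            findings.append((host, version, "unknown", None))
            continue
        if status != "patched":
            findings.append((host, version, status, fix))
    return findings

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = [("ws-01", "61.0"), ("ws-02", "60.0.2"), ("kiosk-1", "52.8.1esr"),
          ("kiosk-2", "52.9.0esr"), ("lab-3", "60.0.2esr"), ("lab-4", "nightly")]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The ESR suffix matters: a host on 60.0.2esr is measured against ESR 60.1, while a release-channel 60.0.2 is measured against 61.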
