The Mozilla Foundation has issued security advisories for several vulnerabilities addressed in Firefox ESR 60.5.1 and Firefox 65.0.1.
The updates patch a use-after-free in Skia, an integer overflow in Skia, and a buffer overflow in Skia with accelerated Canvas 2D in Firefox ESR 60.5.1, all of which are rated High.
The buffer overflow can occur with Canvas 2D acceleration on macOS and does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default.
Firefox 65.0.1 also included fixes for the use-after-free in Skia and the integer overflow in Skia, in addition to a cross-origin theft of images with ImageBitmapRenderingContext vulnerability, all of which are also rated High.
The cross-origin image vulnerability allows images to be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. Researchers recommend users update their systems as soon as possible.