=====================================================================
                           CERT-Renater

               Note d'Information No. 2018/VULN105
_____________________________________________________________________

DATE                 : 20/03/2018

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Firefox versions prior to
                       59.0.1, ESR 52.7.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2018-08

Out of bounds memory write while processing Vorbis audio data

Announced   March 16, 2018
Impact      critical
Products    Firefox, Firefox ESR
Fixed in    Firefox 59.0.1
            Firefox ESR 52.7.2


#CVE-2018-5146: Out of bounds memory write in libvorbis

Reporter    Richard Zhu via Trend Micro's Zero Day Initiative
Impact      critical

Description

An out of bounds memory write while processing Vorbis audio data was
reported through the Pwn2Own contest.

References

Bug 1446062


#CVE-2018-5147: Out of bounds memory write in libtremor

Reporter    Huzaifa Sidhpurwala
Impact      critical

Description

The libtremor library has the same flaw as CVE-2018-5146. This library
is used by Firefox in place of libvorbis on Android and ARM platforms.

References

Bug 1446365

==========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel  |    fax : 01-53-94-20-41          +
+ 75013 Paris         |  email: cert@support.renater.fr  +
==========================================================