The Mozilla Foundation reports:
CVE-2018-5146: Out of bounds memory write in libvorbis
An out of bounds memory write while processing Vorbis
audio data was reported through the Pwn2Own contest.
CVE-2018-5147: Out of bounds memory write in libtremor
The libtremor library has the same flaw as
CVE-2018-5146. This library is used by Firefox in place of
libvorbis on Android and ARM platforms.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | libvorbis | < 1.3.6,3 | UNKNOWN |
FreeBSD | any | noarch | libtremor | < 1.2.1.s20180316 | UNKNOWN |
FreeBSD | any | noarch | firefox | < 59.0.1,1 | UNKNOWN |
FreeBSD | any | noarch | waterfox | < 56.0.4.36_3 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 2.49.3 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 2.49.3 | UNKNOWN |
FreeBSD | any | noarch | firefox-esr | < 52.7.2,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 52.7.2,2 | UNKNOWN |
FreeBSD | any | noarch | libxul | < 52.7.3 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 52.7.0 | UNKNOWN |