A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
Acknowledgments: Name: the Mozilla project Upstream: Atte Kettunen
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3831
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2018:3833
Statement: In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0159
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0160 https://access.redhat.com/errata/RHSA-2019:0160