Arch Linux Security Advisory ASA-201812-9
========================================
Severity: Critical
Date    : 2018-12-12
CVE-ID  : CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466
          CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495
          CVE-2018-18497
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-833

Summary
======
The package firefox before version 64.0-1 is vulnerable to multiple
issues including arbitrary code execution, same-origin policy bypass
and access restriction bypass.

Resolution
=========
Upgrade to 64.0-1.

# pacman -Syu "firefox>=64.0-1"

The problems have been fixed upstream in version 64.0.

Workaround
=========
None.

Description
==========
- CVE-2018-12405 (arbitrary code execution)

Several memory safety bugs have been found in Firefox < 64.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.

- CVE-2018-12406 (arbitrary code execution)

Several memory safety bugs have been found in Firefox < 64.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.

- CVE-2018-12407 (arbitrary code execution)

A buffer overflow has been found in the Angle library used for WebGL
content by Firefox < 64.0, when drawing and validating elements with
the VertexBuffer11 module.

- CVE-2018-17466 (arbitrary code execution)

A buffer overflow and out-of-bounds read has been found in the
TextureStorage11 function of the Angle library, as used in the chromium
browser before 70.0.3538.67 and Firefox before 64.0.

- CVE-2018-18492 (arbitrary code execution)

A use-after-free has been found in Firefox < 64.0, after deleting a
selection element due to a weak reference to the select element in the
options collection.

- CVE-2018-18493 (arbitrary code execution)

A buffer overflow can occur in the Skia library use by Firefox < 64.0,
during buffer offset calculations with hardware accelerated canvas 2D
actions due to the use of 32-bit calculations instead of 64-bit.

- CVE-2018-18494 (same-origin policy bypass)

A same-origin policy violation has been found in Firefox < 64.0,
allowing the theft of cross-origin URL entries when using the
Javascript location property to cause a redirection to another site
using performance.getEntries().

- CVE-2018-18495 (access restriction bypass)

A security issue has been found in Firefox < 64.0, where WebExtension
content scripts can be loaded into about: pages in some circumstances,
in violation of the permissions granted to extensions. This could allow
an extension to interfere with the loading and usage of these pages and
use capabilities that were intended to be restricted from extensions.

- CVE-2018-18497 (access restriction bypass)

A security issue has been found in Firefox < 64.0, where limitations on
the URIs allowed to WebExtensions by the browser.windows.create API can
be bypassed when a pipe in the URL field is used within the extension
to load multiple pages as a single argument. This could allow a
malicious WebExtension to opened privileged about: or file: locations.

Impact
=====
A remote attacker can access sensitive information, bypass security
measures and execute arbitrary code on the affected host.

References
=========
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407
https://bugzilla.mozilla.org/show_bug.cgi?id=1505973
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=880906
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-17466
https://bugzilla.mozilla.org/show_bug.cgi?id=1488295
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492
https://bugzilla.mozilla.org/show_bug.cgi?id=1499861
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
https://bugzilla.mozilla.org/show_bug.cgi?id=1504452
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494
https://bugzilla.mozilla.org/show_bug.cgi?id=1487964
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495
https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497
https://bugzilla.mozilla.org/show_bug.cgi?id=1488180
https://security.archlinux.org/CVE-2018-12405
https://security.archlinux.org/CVE-2018-12406
https://security.archlinux.org/CVE-2018-12407
https://security.archlinux.org/CVE-2018-17466
https://security.archlinux.org/CVE-2018-18492
https://security.archlinux.org/CVE-2018-18493
https://security.archlinux.org/CVE-2018-18494
https://security.archlinux.org/CVE-2018-18495
https://security.archlinux.org/CVE-2018-18497

ArchLinux: 201812-9: firefox: multiple issues

December 12, 2018

Summary

- CVE-2018-12405 (arbitrary code execution) Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
- CVE-2018-12406 (arbitrary code execution)
Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
- CVE-2018-12407 (arbitrary code execution)
A buffer overflow has been found in the Angle library used for WebGL content by Firefox < 64.0, when drawing and validating elements with the VertexBuffer11 module.
- CVE-2018-17466 (arbitrary code execution)
A buffer overflow and out-of-bounds read has been found in the TextureStorage11 function of the Angle library, as used in the chromium browser before 70.0.3538.67 and Firefox before 64.0.
- CVE-2018-18492 (arbitrary code execution)
A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection.
- CVE-2018-18493 (arbitrary code execution)
A buffer overflow can occur in the Skia library use by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
- CVE-2018-18494 (same-origin policy bypass)
A same-origin policy violation has been found in Firefox < 64.0, allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
- CVE-2018-18495 (access restriction bypass)
A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.
- CVE-2018-18497 (access restriction bypass)
A security issue has been found in Firefox < 64.0, where limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations.

Resolution

Upgrade to 64.0-1. # pacman -Syu "firefox>=64.0-1"
The problems have been fixed upstream in version 64.0.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407 https://bugzilla.mozilla.org/show_bug.cgi?id=1505973 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail?id=880906 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-17466 https://bugzilla.mozilla.org/show_bug.cgi?id=1488295 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492 https://bugzilla.mozilla.org/show_bug.cgi?id=1499861 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493 https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494 https://bugzilla.mozilla.org/show_bug.cgi?id=1487964 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495 https://bugzilla.mozilla.org/show_bug.cgi?id=1427585 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497 https://bugzilla.mozilla.org/show_bug.cgi?id=1488180 https://security.archlinux.org/CVE-2018-12405 https://security.archlinux.org/CVE-2018-12406 https://security.archlinux.org/CVE-2018-12407 https://security.archlinux.org/CVE-2018-17466 https://security.archlinux.org/CVE-2018-18492 https://security.archlinux.org/CVE-2018-18493 https://security.archlinux.org/CVE-2018-18494 https://security.archlinux.org/CVE-2018-18495 https://security.archlinux.org/CVE-2018-18497

Severity
CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495
CVE-2018-18497
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-833

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved