ArchLinux: 201902-16: firefox: multiple issues

    Date18 Feb 2019
    CategoryArchLinux
    681
    Posted ByLinuxSecurity Advisories
    The package firefox before version 65.0.1-1 is vulnerable to multiple issues including arbitrary code execution and same-origin policy bypass.
    Arch Linux Security Advisory ASA-201902-16
    ==========================================
    
    Severity: High
    Date    : 2019-02-13
    CVE-ID  : CVE-2018-18356 CVE-2018-18511 CVE-2019-5785
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-896
    
    Summary
    =======
    
    The package firefox before version 65.0.1-1 is vulnerable to multiple
    issues including arbitrary code execution and same-origin policy
    bypass.
    
    Resolution
    ==========
    
    Upgrade to 65.0.1-1.
    
    # pacman -Syu "firefox>=65.0.1-1"
    
    The problems have been fixed upstream in version 65.0.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-18356 (arbitrary code execution)
    
    A use-after-free has been found in the Skia component of chromium
    before 71.0.3578.80 and firefox before 65.0.1.
    
    - CVE-2018-18511 (same-origin policy bypass)
    
    A cross-origin theft of images issue has been found in the
    ImageBitmapRenderingContext component of firefox 65.0, where cross-
    origin images can be read from a canvas element in violation of the
    same-origin policy using the transferFromImageBitmap method. The issue
    has been fixed in 65.0.1 and versions prior to 65.0 were not affected.
    
    - CVE-2019-5785 (arbitrary code execution)
    
    An integer overflow issue has been found in the Skia component of
    firefox before 65.0.1.
    
    Impact
    ======
    
    A remote attacker can bypass the same-origin policy to access sensitive
    information, or execute arbitrary code, via a crafted web content.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
    https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
    https://bugs.chromium.org/p/chromium/issues/detail?id=883666
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356
    https://bugzilla.mozilla.org/show_bug.cgi?id=1525817
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
    https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
    https://bugzilla.mozilla.org/show_bug.cgi?id=1525433
    https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
    https://security.archlinux.org/CVE-2018-18356
    https://security.archlinux.org/CVE-2018-18511
    https://security.archlinux.org/CVE-2019-5785
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.