ArchLinux: 201902-2: firefox: multiple issues

    Date: 11 Feb 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package firefox before version 65.0-1 is vulnerable to multiple issues including arbitrary code execution, privilege escalation and access restriction bypass.
    Arch Linux Security Advisory ASA-201902-2
    =========================================
    
    Severity: Critical
    Date    : 2019-02-06
    CVE-ID  : CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503
              CVE-2018-18504 CVE-2018-18505 CVE-2018-18506
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-862
    
    Summary
    =======
    
    The package firefox before version 65.0-1 is vulnerable to multiple
    issues including arbitrary code execution, privilege escalation and
    access restriction bypass.
    
    Resolution
    ==========
    
    Upgrade to 65.0-1.
    
    # pacman -Syu "firefox>=65.0-1"
    
    The problems have been fixed upstream in version 65.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2018-18500 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox < 65.0, that
    can occur while parsing an HTML5 stream in concert with custom HTML
    elements. This results in the stream parser object being freed while
    still in use, leading to a potentially exploitable crash.
    
    - CVE-2018-18501 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox < 65.0. Some of
    these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2018-18502 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox < 65.0. Some of
    these bugs showed evidence of memory corruption and Mozilla presumes
    that with enough effort some of these could be exploited to run
    arbitrary code.
    
    - CVE-2018-18503 (arbitrary code execution)
    
    A memory corruption vulnerability has been found in the Audio Buffer
    component of Firefox < 65.0. When JavaScript is used to create and
    manipulate an audio buffer, a potentially exploitable crash may occur
    because of a compartment mismatch in some situations.
    
    - CVE-2018-18504 (arbitrary code execution)
    
    A memory corruption and out-of-bounds read have been found in Firefox <
    65.0, that can occur when the buffer of a texture client is freed while
    it is still in use during graphic operations. This results in a
    potentially exploitable crash and the possibility of reading from the
    memory of the freed buffers.
    
    - CVE-2018-18505 (privilege escalation)
    
    A privilege escalation issue has been found in Firefox < 65.0. An
    earlier fix for an Inter-process Communication (IPC) vulnerability,
    CVE-2011-3079, added authentication to communication between IPC
    endpoints and server parents during IPC process creation. This
    authentication is insufficient for channels created after the IPC
    process is started, leading to the authentication not being correctly
    applied to later channels. This could allow for a sandbox escape
    through IPC channels due to lack of message validation in the listener
    process.
    
    - CVE-2018-18506 (access restriction bypass)
    
    When proxy auto-detection is enabled in Firefox < 65.0, if a web server
    serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded
    locally, this PAC file can specify that requests to the localhost are
    to be sent through the proxy to another server. This behavior is
    disallowed by default when a proxy is manually configured, but when
    enabled could allow for attacks on services and tools that bind to the
    localhost for networked behavior if they are accessed through browsing.
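
    An added example, not part of the advisory or of Firefox: a Node.js
    audit that evaluates a PAC file and reports loopback hosts it would send
    to a proxy. The names auditPac, loadPac and PAC_HELPERS, the simplified
    helper stubs, and the sample PAC files and proxy.example are assumptions.

```javascript
// Audit a PAC file for loopback traffic being routed to a proxy. The PAC source
// is EXECUTED in this process: use a throwaway environment for untrusted files.

// Minimal stand-ins for the PAC helper functions the samples below call.
const PAC_HELPERS = {
  isPlainHostName: (host) => !host.includes("."),
  shExpMatch: (str, glob) => {
    const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                   .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp("^" + re + "$").test(str);
  },
};

// Loopback names and addresses probed by the audit (constructed list).
const LOOPBACK_HOSTS = ["localhost", "127.0.0.1"];

// Evaluate the PAC source with the helpers in scope; return its entry point.
function loadPac(pacSource) {
  const names = Object.keys(PAC_HELPERS);
  const factory = new Function(...names, pacSource + "\nreturn FindProxyForURL;");
  return factory(...names.map((n) => PAC_HELPERS[n]));
}

// Returns one finding per loopback host whose PAC answer contains any
// entry other than DIRECT (a null or empty answer means "no proxy").
function auditPac(pacSource) {
  const findProxy = loadPac(pacSource);
  const findings = [];
  for (const host of LOOPBACK_HOSTS) {
    const answer = findProxy(`http://${host}:8080/`, host);
    const entries = String(answer ?? "DIRECT").split(";")
      .map((e) => e.trim()).filter(Boolean);
    const proxied = entries.filter((e) => e.toUpperCase() !== "DIRECT");
    if (proxied.length > 0) findings.push({ host, proxied });
  }
  return findings;
}

// Constructed sample PAC files.
const PAC_PROXIES_EVERYTHING = `
function FindProxyForURL(url, host) { return "PROXY proxy.example:3128"; }`;
const PAC_EXEMPTS_LOOPBACK = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, "127.*")) return "DIRECT";
  return "PROXY proxy.example:3128; DIRECT";
}`;
console.log(auditPac(PAC_PROXIES_EVERYTHING)); // both loopback hosts flagged
console.log(auditPac(PAC_EXEMPTS_LOOPBACK));   // no findings
```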
    
    Impact
    ======
    
    A remote attacker might be able to execute arbitrary code via crafted
    web content, or force requests to localhost to be sent through a proxy
    to another server. A local attacker might be able to escape Firefox's
    sandbox via privilege escalation.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
    https://bugzilla.mozilla.org/show_bug.cgi?id=1510114
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1512450%2C1517542%2C1513201%2C1460619%2C1502871%2C1516738%2C1516514
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1499426%2C1480090%2C1472990%2C1514762%2C1501482%2C1505887%2C1508102%2C1508618%2C1511580%2C1493497%2C1510145%2C1516289%2C1506798%2C1512758
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
    https://bugzilla.mozilla.org/show_bug.cgi?id=1509442
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
    https://bugzilla.mozilla.org/show_bug.cgi?id=1496413
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
    https://bugzilla.mozilla.org/show_bug.cgi?id=1497749
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
    https://bugzilla.mozilla.org/show_bug.cgi?id=1503393
    https://security.archlinux.org/CVE-2018-18500
    https://security.archlinux.org/CVE-2018-18501
    https://security.archlinux.org/CVE-2018-18502
    https://security.archlinux.org/CVE-2018-18503
    https://security.archlinux.org/CVE-2018-18504
    https://security.archlinux.org/CVE-2018-18505
    https://security.archlinux.org/CVE-2018-18506
    
    