Multiple vulnerabilities in Mozilla Firefox



Published: 2018-03-13
Risk High
Patch available YES
Number of vulnerabilities 18
CVE-ID CVE-2018-5127
CVE-2018-5128
CVE-2018-5129
CVE-2018-5130
CVE-2018-5131
CVE-2018-5132
CVE-2018-5133
CVE-2018-5134
CVE-2018-5135
CVE-2018-5136
CVE-2018-5137
CVE-2018-5138
CVE-2018-5140
CVE-2018-5141
CVE-2018-5142
CVE-2018-5143
CVE-2018-5126
CVE-2018-5125
CWE-ID CWE-120
CWE-416
CWE-787
CWE-119
CWE-200
CWE-20
CWE-264
CWE-451
CWE-284
CWE-79
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor Mozilla

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU10967

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5127

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when manipulating the SVg animatedPathSegList through script. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU10974

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when manipulating elements, events, and selection ranges during editor operations. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU10968

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5129

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can supply specially crafted malformed IPC messages, trigger out-of-bounds write, escape sandbox and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU10969

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5130

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can send packets with a mismatched RTP payload type in WebRTC connections, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU10970

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5131

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. A remote attacker can share a common profile while browsing and access previously stored, locally cached data of a website.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU10975

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5132

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. A remote attacker can tuse a malicious WebExtension to search for otherwise protected data if a user has it open.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU10976

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5133

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper sanitization of HTML and script content. A local attacker can use a specially crafted program to change the app.support.baseURL preference, load chrome://browser/content/preferences/in-content/preferences.xul directly in a tab, bypass security restrictions and execute a search whenever an EME video player plugin displays a CDM-disabled message as a notification message.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU10977

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5134

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially information on the target system.

The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions that may use view-source: URLs to view local file: URL content, as well as content stored in about:cache to bypass security restrictions and view specific content.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU10978

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5135

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Cross-origin bypass

EUVDB-ID: #VU10980

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5136

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can share a shared worker created from a data: URL in one tab by another tab with a different origin and bypass the same-origin policy.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Security restrictions bypass

EUVDB-ID: #VU10981

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5137

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can use a maliciously crafted path string to reference the resource and load a legacy extension's non-contentaccessible, defined resources by an arbitrary web page through script.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Spoofing attack

EUVDB-ID: #VU10982

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5138

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. A remote attacker can spoof which page is actually loaded and in use.

Note: this issue only affects Firefox for Android.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU10983

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5140

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. A remote attacker can reveal which applications are associated with specific MIME types by a malicious page.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper access control

EUVDB-ID: #VU10984

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5141

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The vulnerability exists due to the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. A remote attacker can open new tabs in a denial of service (DOS) attack or access unwanted content from arbitrary URLs to users.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security restrictions bypass

EUVDB-ID: #VU10985

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5142

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the permission notifications do not properly display the originating domain if Media Capture and Streams API permission is requested from documents with data: or blob: URLs. A remote attacker can cause the notification to state "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Self-XSS

EUVDB-ID: #VU10986

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5143

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct self-XSS attack.

The weakness exists due to URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks. A remote attacker can supply URL with embedded tab into addressbar and become socially engineered to run an XSS attack against themselves.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory corruption

EUVDB-ID: #VU10979

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5126

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory corruption

EUVDB-ID: #VU10972

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5125

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 59.0.

Vulnerable software versions

Mozilla Firefox: 58.0

External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-06/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###