SB2018062708 - Arch Linux update for firefox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018062708

SB2018062708 - Arch Linux update for firefox

Published: June 27, 2018

Security Bulletin ID SB2018062708
Severity
High
Patch available
YES
Number of vulnerabilities 17
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 53% Medium 6% Low 41%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 17 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-5186)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Memory corruption (CVE-ID: CVE-2018-5187)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Memory corruption (CVE-ID: CVE-2018-5188)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Same-origin policy bypass (CVE-ID: CVE-2018-12358)

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to open redirect. A remote attacker can use redirect the victim into malicious website, avoid the tainting of cross-origin resources in some instances and read responses which are supposed to be opaque.

5) Memory corruption (CVE-ID: CVE-2018-12359)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow when rendering canvas content while adjusting the height and width of the <canvas> element dynamically. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Use-after-free error (CVE-ID: CVE-2018-12360)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free vulnerability when deleting an input element during a mutation event handler triggered by focusing that element. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Integer overflow (CVE-ID: CVE-2018-12361)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the SwizzleData code while calculating buffer sizes. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Integer overflow (CVE-ID: CVE-2018-12362)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Use-after-free error (CVE-ID: CVE-2018-12363)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when script uses mutation events to move DOM nodes between documents. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Cross-site request forgery (CVE-ID: CVE-2018-12364)

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections. A remote attacker can use NPAPI plugins, such as Adobe Flash, send non-simple cross-origin requests, make a same-origin POST that does a 307 redirect to the target site, bypass CORS and conduct cross-site request forgery (CSRF) attacks.

11) Information disclosure (CVE-ID: CVE-2018-12365)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. A remote attacker can gain access to private local files.

12) Out-of-bounds read (CVE-ID: CVE-2018-12366)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to an invalid grid size during QCMS (color profile) transformations. A remote attacker can trigger out-of-bounds read interpreted as a float value and access private data from the output.

13) Timing attack (CVE-ID: CVE-2018-12367)

The vulnerability allows a remote attacker to conduct timing attack.

The weakness exists due to in the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. A remote attacker can use PerformanceNavigationTiming as a precision timer and conduct timing attack and gain access to arbitrary data.

14) Security restrictions bypass (CVE-ID: CVE-2018-12369)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. A remote attacker can use a malicious WebExtension to bypass security restrictions and gain full browser permissions.

15) Security restrictions bypass (CVE-ID: CVE-2018-12370)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to in Reader View SameSite cookie protections are not checked on exiting. A remote attacker can trigger a payload when Reader View is exited if loaded by a malicious site while Reader mode is active, bypass CSRF protections and possibly conduct CSRF attack.

16) Integer overflow (CVE-ID: CVE-2018-12371)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


17) CVE-2018-12356 (CVE-ID: CVE-2018-12356)

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.

Remediation

Install update from vendor's website.

References