SB2018102416 - Multiple vulnerabilities in Mozilla Firefox




Published: October 24, 2018

Security Bulletin ID: SB2018102416
Severity: High
Patch available: YES
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 29%
Low: 71%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Cross-origin policy bypass (CVE-ID: CVE-2018-12391)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because audio data can be accessed across origins, in violation of security policies, during HTTP Live Stream playback on Firefox for Android. A remote attacker can trick the victim into visiting a specially crafted website, bypass cross-origin policies and conduct further attacks.

2) Poor event handling (CVE-ID: CVE-2018-12392)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to poor event handling when manipulating user events in nested loops while opening a document through script. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Integer overflow (CVE-ID: CVE-2018-12393)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an integer overflow during the conversion of scripts to an internal UTF-16 representation. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.
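
The bug class in item 3, shown as an added example that is not Firefox code and not part of the original bulletin: a byte-size calculation for a UTF-16 buffer that wraps, next to a checked version. The 32-bit length type, the Latin-1 input and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked form of the bug class: with a 32-bit length, units * 2 wraps,
 * so the buffer ends up far smaller than the data later written into it. */
static uint32_t utf16_bytes_unchecked(uint32_t units)
{
    return units * (uint32_t)sizeof(uint16_t);
}

/* Checked form: reject any length whose byte size (plus a terminator)
 * cannot be represented. Returns 0 on success, -1 on overflow. */
static int utf16_bytes_checked(uint32_t units, uint32_t *out_bytes)
{
    if (units > UINT32_MAX / sizeof(uint16_t) - 1)
        return -1;
    *out_bytes = (units + 1) * (uint32_t)sizeof(uint16_t);
    return 0;
}

/* Inflate Latin-1 source bytes to NUL-terminated UTF-16 code units.
 * Returns NULL if the size calculation would overflow or malloc fails. */
static uint16_t *inflate_latin1(const unsigned char *src, uint32_t len)
{
    uint32_t bytes;
    if (utf16_bytes_checked(len, &bytes) != 0)
        return NULL;               /* refuse instead of under-allocating */
    uint16_t *dst = malloc(bytes);
    if (dst == NULL)
        return NULL;
    for (uint32_t i = 0; i < len; i++)
        dst[i] = src[i];           /* each Latin-1 byte maps to one code unit */
    dst[len] = 0;
    return dst;
}

int main(void)
{
    uint32_t n = 0;
    /* Constructed length chosen so that the multiplication wraps. */
    printf("unchecked size: %u bytes\n", (unsigned)utf16_bytes_unchecked(0x80000001u));
    printf("checked result: %d\n", utf16_bytes_checked(0x80000001u, &n));
    return 0;
}
```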

4) Security restrictions bypass (CVE-ID: CVE-2018-12395)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in WebExtension. A remote attacker can trick the victim into visiting a specially crafted website, rewrite the Host request headers using the webRequest API and bypass domain restrictions through domain fronting. This would allow access to otherwise restricted domains that share a host.

5) Privilege escalation (CVE-ID: CVE-2018-12396)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because a WebExtension can run content scripts in disallowed contexts following navigation or other events. A remote attacker can trick the victim into visiting a specially crafted website containing a WebExtension where content scripts should not be run and gain elevated privileges.

6) Security restrictions bypass (CVE-ID: CVE-2018-12397)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because a WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. A remote attacker can trick the victim into visiting a specially crafted website and run content scripts in local pages without permission warnings when a local file is opened.

7) Security restrictions bypass (CVE-ID: CVE-2018-12398)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when using the reflected URL in some special resource URIs, such as chrome. A remote attacker can trick the victim into visiting a specially crafted website, inject stylesheets and bypass Content Security Policy (CSP).

8) Spoofing attack (CVE-ID: CVE-2018-12399)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists because the API accepts a title argument when a new protocol handler is registered. A remote attacker can trick the victim into visiting a specially crafted website and mislead users about which domain is registering the new protocol, spoofing the protocol registration notification bar.

9) Information disclosure (CVE-ID: CVE-2018-12400)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in private browsing mode on Firefox for Android because favicons are cached in the cache/icons folder as they are in non-private mode. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data during private browsing sessions.

10) Improper input validation (CVE-ID: CVE-2018-12401)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error when using special resource URIs. A remote attacker can trick the victim into visiting a specially crafted website and cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.

11) Information disclosure (CVE-ID: CVE-2018-12402)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page. A remote attacker can trick the victim into visiting a specially crafted website and gain access to SameSite cookies.

12) Security restrictions bypass (CVE-ID: CVE-2018-12403)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the mixed content warning is not displayed to users if a site is loaded over an HTTPS connection but loads a favicon resource over HTTP. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.

13) Memory corruption (CVE-ID: CVE-2018-12388)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

14) Memory corruption (CVE-ID: CVE-2018-12390)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the update from the vendor's website.