SB2018102418 - Multiple vulnerabilities in Mozilla Firefox ESR

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Cross-origin policy bypass (CVE-ID: CVE-2018-12391)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to audio data can be accessed across origins in violation of security policies during HTTP Live Stream playback on Firefox for Android. A remote attacker can trick the victim into visiting a specially crafted website, bypass cross-origin policies and conduct further attacks.

2) Poor event handling (CVE-ID: CVE-2018-12392)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to poor event handling when manipulating user events in nested loops while opening a document through script. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Integer overflow (CVE-ID: CVE-2018-12393)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow during the conversion of scripts to an internal UTF-16 representation. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Security restrictions bypass (CVE-ID: CVE-2018-12395)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in WebExtension. A remote attacker can trick the victim into visiting a specially crafted website, rewrite the Host request headers using the webRequest API and bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted.

5) Privilege escalation (CVE-ID: CVE-2018-12396)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to a WebExtension can run content scripts in disallowed contexts following navigation or other events. A remote attacker can trick the victim into visiting a specially crafted website containing WebExtension where content scripts should not be run and gain elevated privileges.

6) Security restrictions bypass (CVE-ID: CVE-2018-12397)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. A remote attacker can trick the victim into visiting a specially crafted website, run content scripts in local pages without permission warnings when a local file is opened.

7) Memory corruption (CVE-ID: CVE-2018-12389)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Memory corruption (CVE-ID: CVE-2018-12390)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/