SB2018121201 - Multiple vulnerabilities in Mozilla Firefox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018121201

SB2018121201 - Multiple vulnerabilities in Mozilla Firefox

Published: December 12, 2018

Security Bulletin ID SB2018121201
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 55% Low 45%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-12407)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Memory corruption (CVE-ID: CVE-2018-17466)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

3) Use-after-free error (CVE-ID: CVE-2018-18492)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error after deleting a selection element due to a weak reference to the select element in the options collection.. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Buffer overflow (CVE-ID: CVE-2018-18493)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Same-origin policy bypass (CVE-ID: CVE-2018-18494)

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to an error .when using the Javascript location property. A remote attacker can trick the victim into visiting a specially crafted website and theft cross-origin URL entries to cause a redirection to another site using performance.getEntries()

6) Security restrictions bypass (CVE-ID: CVE-2018-18495)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to WebExtension content scripts can be loaded into about: pages in some circumstances. A remote attacker can use a specially crafted extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.

7) Security restrictions bypass (CVE-ID: CVE-2018-18496)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when the RSS Feed preview about:feeds page is framed within another page. A remote attacker can use the RSS Feed preview about:feeds page in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory.

8) Security restrictions bypass (CVE-ID: CVE-2018-18497)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in limitations on the URIs. A remote attacker can bypass WebExtensions by the browser.windows.create API when a pipe in the URL field is used within the extension to load multiple pages as a single argument and open privileged about: or file: locations.

9) Integer overflow (CVE-ID: CVE-2018-18498)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an integer overflow during buffer size calculations for images. A remote attacker can use a raw value instead of the checked value, trigger out-of-bounds read and cause the service to crash.

10) Memory corruption (CVE-ID: CVE-2018-12406)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

11) Memory corruption (CVE-ID: CVE-2018-12405)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References