SB2018121205 - Arch Linux update for firefox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018121205

SB2018121205 - Arch Linux update for firefox

Published: December 12, 2018

Security Bulletin ID SB2018121205
CSH Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-12405)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Memory corruption (CVE-ID: CVE-2018-12406)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Buffer overflow (CVE-ID: CVE-2018-12407)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2018-17466)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation on the vulnerability may result in system compromise.

5) Use-after-free error (CVE-ID: CVE-2018-18492)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error after deleting a selection element due to a weak reference to the select element in the options collection.. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Buffer overflow (CVE-ID: CVE-2018-18493)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Same-origin policy bypass (CVE-ID: CVE-2018-18494)

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to an error .when using the Javascript location property. A remote attacker can trick the victim into visiting a specially crafted website and theft cross-origin URL entries to cause a redirection to another site using performance.getEntries()

8) Security restrictions bypass (CVE-ID: CVE-2018-18495)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to WebExtension content scripts can be loaded into about: pages in some circumstances. A remote attacker can use a specially crafted extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.

9) Security restrictions bypass (CVE-ID: CVE-2018-18497)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in limitations on the URIs. A remote attacker can bypass WebExtensions by the browser.windows.create API when a pipe in the URL field is used within the extension to load multiple pages as a single argument and open privileged about: or file: locations.

Remediation

Install update from vendor's website.

References