OpenSUSE Linux update for MozillaFirefox

Published: 2019-06-10 | Updated: 2019-06-10
Severity High
Patch available YES
Number of vulnerabilities 17
CVE ID CVE-2018-18511
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-11694
CVE-2019-11698
CVE-2019-5798
CVE-2019-7317
CVE-2019-9797
CVE-2019-9800
CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CWE ID CWE-264
CWE-416
CWE-119
CWE-401
CWE-451
CWE-125
CWE-362
CWE-843
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software Opensuse Subscribe
Vendor Novell

Security Advisory

1) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-18511

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to bypass same-origin policy.

The vulnerability exists due to an error when processing canvas elements with transferFromImageBitmap method. A remote attacker can create a specially crafted website, trick the victim into visiting it, bypass cross-origin policy and view images loaded in other browser tabs.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11691

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in XMLHttpRequest (XHR) in an event loop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11692

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when listeners are removed from the event listener manager while still in use. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-11693

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in bufferdata function in WebGL with specific graphics drivers on Linux. A remote attacker can create a specially crafted web apge, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11694

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file.. A remote attacker can create a specially crafted web page and gain access to sensitive information stored in memory on the system.

Note: the vulnerability affects Windows versions of Firefox.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Spoofing attack

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11698

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of drag and drop operations. A remote attacker can create a specially crafted hyperlink that when dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.

Successful exploitation of the vulnerability may allow an attacker to steal user's browser history.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

Severity: Low

CVSSv3: 4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-5798

CWE-ID: CWE-125 - Out-of-bounds Read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the Skia library during path transformations. A remote attacker can create a specially crafted email, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

Severity: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-7317

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9797

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to incorrect implementation of the cross-origin policy when reading images using createImageBitmap. A remote attacker can trick the victim into visiting a specially crafted web page and gain access to images opened in other browser tabs.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9800

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9815

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to enabled hyperthreading in applications running untrusted code in a thread through a new sysctl on macOS. A remote attacker can perform timing attack, similar to previous Spectre attacks and execute arbitrary code on the target system.

The vulnerability affects macOS users.

For this mitigation to take effect, users must install macOS 10.14.5.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Type Confusion

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9816

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects in object groups via UnboxedObjects. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9817

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect access restrictions when reading images from a different domain. A remote attacker can use a canvas object under certain circumstances to violate same-origin policy and read image data from another domain name.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9818

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in crash generator server. A remote attacker can trick the victim to visit a specially crafted web page, trigger use-after-free error and crash the browser or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability affects only Windows version of Firefox.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9819

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a JavaScript compartment mismatch when working with the fetch API. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.



Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9820

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free in ChromeEventHandler by DocShell. A remote attacker can trick the victim to visit a specially crafted web page, trigger use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

Severity: High

CVSSv3: 8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-9821

CWE-ID: CWE-416 - Use After Free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in AssertWorkerThread due to a race condition with shared workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0, 42.3

CPE External links

https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.