[ASA-201812-9] firefox: multiple issues
Arch Linux Security Advisory ASA-201812-9 ========================================= Severity: Critical Date : 2018-12-12 CVE-ID : CVE-2018-12405 CVE-2018-12406 CVE-2018-12407 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18495 CVE-2018-18497 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-833 Summary ======= The package firefox before version 64.0-1 is vulnerable to multiple issues including arbitrary code execution, same-origin policy bypass and access restriction bypass. Resolution ========== Upgrade to 64.0-1. # pacman -Syu "firefox>=64.0-1" The problems have been fixed upstream in version 64.0. Workaround ========== None. Description =========== - CVE-2018-12405 (arbitrary code execution) Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code. - CVE-2018-12406 (arbitrary code execution) Several memory safety bugs have been found in Firefox < 64.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code. - CVE-2018-12407 (arbitrary code execution) A buffer overflow has been found in the Angle library used for WebGL content by Firefox < 64.0, when drawing and validating elements with the VertexBuffer11 module. - CVE-2018-17466 (arbitrary code execution) A buffer overflow and out-of-bounds read has been found in the TextureStorage11 function of the Angle library, as used in the chromium browser before 70.0.3538.67 and Firefox before 64.0. - CVE-2018-18492 (arbitrary code execution) A use-after-free has been found in Firefox < 64.0, after deleting a selection element due to a weak reference to the select element in the options collection. - CVE-2018-18493 (arbitrary code execution) A buffer overflow can occur in the Skia library use by Firefox < 64.0, during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. - CVE-2018-18494 (same-origin policy bypass) A same-origin policy violation has been found in Firefox < 64.0, allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). - CVE-2018-18495 (access restriction bypass) A security issue has been found in Firefox < 64.0, where WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. - CVE-2018-18497 (access restriction bypass) A security issue has been found in Firefox < 64.0, where limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations. Impact ====== A remote attacker can access sensitive information, bypass security measures and execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1240... https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%... https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1240... https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%... https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1240... https://bugzilla.mozilla.org/show_bug.cgi?id=1505973 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desk... https://bugs.chromium.org/p/chromium/issues/detail?id=880906 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1746... https://bugzilla.mozilla.org/show_bug.cgi?id=1488295 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1849... https://bugzilla.mozilla.org/show_bug.cgi?id=1499861 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1849... https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1849... https://bugzilla.mozilla.org/show_bug.cgi?id=1487964 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1849... https://bugzilla.mozilla.org/show_bug.cgi?id=1427585 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-1849... https://bugzilla.mozilla.org/show_bug.cgi?id=1488180 https://security.archlinux.org/CVE-2018-12405 https://security.archlinux.org/CVE-2018-12406 https://security.archlinux.org/CVE-2018-12407 https://security.archlinux.org/CVE-2018-17466 https://security.archlinux.org/CVE-2018-18492 https://security.archlinux.org/CVE-2018-18493 https://security.archlinux.org/CVE-2018-18494 https://security.archlinux.org/CVE-2018-18495 https://security.archlinux.org/CVE-2018-18497
participants (1)
-
Remi Gacogne