SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Mozilla Thunderbird Vendors:   Mozilla.org
(Ubuntu Issues Fix for Mozilla Thunderbird) Mozilla Firefox Multiple Bugs Let Remote Users Spoof URLs, Bypass Cross-Domain Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID:  1040295
SecurityTracker URL:  http://securitytracker.com/id/1040295
CVE Reference:   CVE-2018-5089, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117   (Links to External Site)
Date:  Jan 30 2018
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can spoof URLs. Mozilla Thunderbird is affected.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free memory error may occur during WebRTC connections when interacting with the DTMF timers [CVE-2018-5091].

A use-after-free memory error may occur in a Web Worker [CVE-2018-5092].

A heap buffer overflow may occur in WebAssembly [CVE-2018-5093, CVE-2018-5094].

An integer overflow vulnerability may occur in the Skia library [CVE-2018-5095].

A use-after-free memory error may occur during XSL transformations [CVE-2018-5097].

A use-after-free memory error may occur when manipulating form input elements [CVE-2018-5098].

A use-after-free memory error may occur in the widget listener [CVE-2018-5099].

A use-after-free memory error may occur when IsPotentiallyScrollable arguments are freed from memory [CVE-2018-5100].

A use-after-free memory error may occur when manipulating floating first-letter style elements [CVE-2018-5101].

A use-after-free memory error may occur when manipulating HTML media elements with media streams [CVE-2018-5102].

A use-after-free memory error may occur during mouse event handling [CVE-2018-5103].

A use-after-free memory error may occur during font face manipulation [CVE-2018-5104].

An integer overflow may occur in the DoCrypt function of WebCrypto [CVE-2018-5122].

Other memory corruption errors may occur [CVE-2018-5089, CVE-2018-5090].

A remote user can cause WebExtensions to bypass user prompts to save and then open an arbitrarily downloaded file [CVE-2018-5105].

A remote user can bypass cross-origin restrictions via Developer Tools [CVE-2018-5106].

A user can bypass local access protections via symbolic links (symlinks) in the printing process [CVE-2018-5107].

A manually entered blob URL can be accessed by subsequent private browsing tabs [CVE-2018-5108].

A remote user can cause an audio capture session prompt to display the wrong origin [CVE-2018-5109].

A remote user can cause the cursor to become invisible [CVE-2018-5110]. OS X is affected.

A remote user can spoof address bar URLs via a drag and drop operation [CVE-2018-5111].

A remote user can cause Development Tools to load a non-relative URL [CVE-2018-5112].

A remote user can cause WebExtensions to load non-HTTPS pages [CVE-2018-5113].

A remote user can bypass HttpOnly cookie access in certain cases [CVE-2018-5114].

A remote user can cause a background network request to open an HTTP authentication over the foreground page [CVE-2018-5115].

A remote user can bypass cross-origin restrictions via WebExtensions with the ActiveTab permission [CVE-2018-5116].

A remote user can use right-to-left text in the address bar with left-to-right alignment to spoof URLs [CVE-2018-5117].

A remote user can create a specially crafted Activity Stream page to create local files and potentially bypass sandbox restrictions [CVE-2018-5118].

A remote user cay bypass cross-origin content restrictions in Reader view [CVE-2018-5119].

A remote user may be able to cause OS X Tibetan characters to render incompletely in the address bar to spoof domain names [CVE-2018-5121].

Abdulrahman Alqabandi, Alex Gaynor, Andrea Marchesini, Andreas Pehrson, Anonymous, Bob Clary, Calixte Denizet, Casper of Tencent's Xuanwu Lab, Christian Holler, Emilio Cobos Alvarez, Inkognito, JW Wang, Jason Kratzer, Jason Orendorff, Jerry Decime, Jesse Ruderman, Jun Kokatsu, Karl Tomlinson, Khalil Zhani, Looben Yang, Ludovic Hirlimann, Marcia Knous, Mario Gomes, Mike Taylor, Nathan Froyd, Nils, Nils Ohlmeier, OSS-Fuzz, Oriol Brufau, Paul Adenot, Paul Theriault, Philipp, Randell Jesup, Rob Wu, Ron Warholic, Ronald Crane, Ronen Zilberman, Ryan VanderMeulen, Sebastian Hengst, Stephen Fewer, Ted Campbell, Tristan Bourvon, Tyson Smith, Xidorn Quan, Yoshi Huang, and xisigr of Tencent's Xuanwu Lab reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can spoof a URL.

Solution:   Ubuntu has issued a fix for CVE-2018-5089, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, and CVE-2018-5117 for Mozilla Thunderbird.

The Ubuntu advisory is available at:

https://www.ubuntu.com/usn/usn-3529-1

Vendor URL:  www.ubuntu.com/usn/usn-3529-1 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  14.04 LTS, 16.04 LTS, 17.10

Message History:   This archive entry is a follow-up to the message listed below.
Jan 24 2018 Mozilla Firefox Multiple Bugs Let Remote Users Spoof URLs, Bypass Cross-Domain Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC