(Oracle Issues Fix for Oracle Linux for Mozilla Thunderbird) Mozilla Firefox Multiple Bugs Let Remote Users Spoof URLs, Bypass Cross-Domain Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID: 1040322
SecurityTracker URL: http://securitytracker.com/id/1040322
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104
Date: Feb 4 2018
Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available: Yes   Vendor Confirmed: Yes
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can spoof URLs. Mozilla Thunderbird is affected.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A use-after-free memory error may occur during WebRTC connections when interacting with the DTMF timers [CVE-2018-5091].
A use-after-free memory error may occur in a Web Worker [CVE-2018-5092].
A heap buffer overflow may occur in WebAssembly [CVE-2018-5093, CVE-2018-5094].
An integer overflow vulnerability may occur in the Skia library [CVE-2018-5095].
A use-after-free memory error may occur during XSL transformations [CVE-2018-5097].
A use-after-free memory error may occur when manipulating form input elements [CVE-2018-5098].
A use-after-free memory error may occur in the widget listener [CVE-2018-5099].
A use-after-free memory error may occur when IsPotentiallyScrollable arguments are freed from memory [CVE-2018-5100].
A use-after-free memory error may occur when manipulating floating first-letter style elements [CVE-2018-5101].
A use-after-free memory error may occur when manipulating HTML media elements with media streams [CVE-2018-5102].
A use-after-free memory error may occur during mouse event handling [CVE-2018-5103].
A use-after-free memory error may occur during font face manipulation [CVE-2018-5104].
An integer overflow may occur in the DoCrypt function of WebCrypto [CVE-2018-5122].
Other memory corruption errors may occur [CVE-2018-5089, CVE-2018-5090].
A remote user can cause WebExtensions to bypass user prompts to save and then open an arbitrarily downloaded file [CVE-2018-5105].
A remote user can bypass cross-origin restrictions via Developer Tools [CVE-2018-5106].
A user can bypass local access protections via symbolic links (symlinks) in the printing process [CVE-2018-5107].
A manually entered blob URL can be accessed by subsequent private browsing tabs [CVE-2018-5108].
A remote user can cause an audio capture session prompt to display the wrong origin [CVE-2018-5109].
A remote user can cause the cursor to become invisible [CVE-2018-5110]. OS X is affected.
A remote user can spoof address bar URLs via a drag and drop operation [CVE-2018-5111].
A remote user can cause Development Tools to load a non-relative URL [CVE-2018-5112].
A remote user can cause WebExtensions to load non-HTTPS pages [CVE-2018-5113].
A remote user can bypass HttpOnly cookie access in certain cases [CVE-2018-5114].
A remote user can cause a background network request to open an HTTP authentication over the foreground page [CVE-2018-5115].
A remote user can bypass cross-origin restrictions via WebExtensions with the ActiveTab permission [CVE-2018-5116].
A remote user can use right-to-left text in the address bar with left-to-right alignment to spoof URLs [CVE-2018-5117].
A remote user can create a specially crafted Activity Stream page to create local files and potentially bypass sandbox restrictions [CVE-2018-5118].
A remote user can bypass cross-origin content restrictions in Reader view [CVE-2018-5119].
A remote user may be able to cause Tibetan characters on OS X to render incompletely in the address bar and thereby spoof domain names [CVE-2018-5121].
Abdulrahman Alqabandi, Alex Gaynor, Andrea Marchesini, Andreas Pehrson, Anonymous, Bob Clary, Calixte Denizet, Casper of Tencent's Xuanwu Lab, Christian Holler, Emilio Cobos Alvarez, Inkognito, JW Wang, Jason Kratzer, Jason Orendorff, Jerry Decime, Jesse Ruderman, Jun Kokatsu, Karl Tomlinson, Khalil Zhani, Looben Yang, Ludovic Hirlimann, Marcia Knous, Mario Gomes, Mike Taylor, Nathan Froyd, Nils, Nils Ohlmeier, OSS-Fuzz, Oriol Brufau, Paul Adenot, Paul Theriault, Philipp, Randell Jesup, Rob Wu, Ron Warholic, Ronald Crane, Ronen Zilberman, Ryan VanderMeulen, Sebastian Hengst, Stephen Fewer, Ted Campbell, Tristan Bourvon, Tyson Smith, Xidorn Quan, Yoshi Huang, and xisigr of Tencent's Xuanwu Lab reported these vulnerabilities.
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
A remote user can spoof a URL.
Oracle has issued a fix for CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, and CVE-2018-5104 for Mozilla Thunderbird.
The Oracle Linux advisory is available at:
Vendor URL: linux.oracle.com/errata/ELSA-2018-0262.html
Access control error, Boundary error, Input validation error, State error
Underlying OS: Linux (Oracle)
Underlying OS Comments: 6, 7
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: [El-errata] ELSA-2018-0262 Important: Oracle Linux 6 thunderbird security update
Oracle Linux Security Advisory ELSA-2018-0262
The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:
Description of changes:
- Replaced thunderbird-redhat-default-prefs.js with
- Update to 52.6.0
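The practical question for an administrator reading this advisory is whether the installed Thunderbird package is already at the fixed version (52.6.0) named in the ELSA-2018-0262 update. The script below is an added example and is not part of the SecurityTracker entry or of Oracle's advisory; it parses the package string that rpm -q prints, compares the version field against 52.6.0 component by component, and reports whether the update still needs to be applied. The sample package strings embedded in it are constructed, and their release and architecture fields are placeholders rather than the real build identifiers from the errata.

```shell
#!/bin/sh
# Added example, not part of the SecurityTracker entry or the Oracle advisory.
# Checks whether the installed thunderbird rpm is at or above the version the
# ELSA-2018-0262 update brings (52.6.0). The sample rpm -q output strings below
# are constructed, not taken from a real host.

FIXED_VERSION="52.6.0"

# version_ge A B: exit 0 if dotted numeric version A >= B, 1 otherwise.
# Compares component by component; a missing component counts as 0
# (so 52.6 equals 52.6.0). Assumes purely numeric components, which
# holds for the thunderbird package versions discussed here.
version_ge() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; ai="${ai:-0}"
        bi="${b%%.*}"; bi="${bi:-0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# extract_version NVRA: print the VERSION field of an rpm
# name-version-release.arch string such as thunderbird-52.6.0-1.el6.x86_64.
extract_version() {
    rest="${1#thunderbird-}"
    printf '%s\n' "${rest%%-*}"
}

# is_patched NVRA: exit 0 if the package string names a version at or
# above FIXED_VERSION, 1 otherwise.
is_patched() {
    version_ge "$(extract_version "$1")" "$FIXED_VERSION"
}

# Constructed sample package strings (release and arch fields are
# placeholders, not the real ELSA-2018-0262 build identifiers).
SAMPLE_OLD="thunderbird-52.5.2-1.el6.x86_64"
SAMPLE_NEW="thunderbird-52.6.0-1.el6.x86_64"

# Run the check against the live system when rpm is available and the
# package is installed; otherwise fall back to the constructed samples.
if command -v rpm >/dev/null 2>&1 && installed=$(rpm -q thunderbird 2>/dev/null); then
    if is_patched "$installed"; then
        echo "OK: $installed is at or above $FIXED_VERSION"
    else
        echo "VULNERABLE: $installed is below $FIXED_VERSION; apply ELSA-2018-0262"
    fi
else
    for pkg in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
        if is_patched "$pkg"; then
            echo "OK: $pkg"
        else
            echo "VULNERABLE: $pkg (below $FIXED_VERSION)"
        fi
    done
fi
```

The comparison deliberately ignores the release field (everything after the version), so it only answers whether the upstream version is at least 52.6.0; on a host where several thunderbird packages are installed side by side, rpm -q prints one line per package and each line should be checked separately.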