SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
(Ubuntu Issues Fix) Mozilla Firefox Multiple Bugs Let Remote Users Spoof Filenames, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID:  1040903
SecurityTracker URL:  http://securitytracker.com/id/1040903
CVE Reference:   CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182   (Links to External Site)
Date:  May 13 2018
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof filenames.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free memory error occur when enumerating attributes during SVG animations with clip paths [CVE-2018-5154].

A use-after-free memory error occur when adjusting layout during SVG animations with text paths [CVE-2018-5155].

An integer overflow may occur in the Skia library [CVE-2018-5159].

An uninitialized memory error may occur in the WebRTC encoder [CVE-2018-5160].

A use-after-free memory error may occur in mozilla::WebGLContext::DrawElementsInstanced() [CVE-2018-5180].

A remote user that can exploit a separate vulnerability may be able to inject JavaScript code [CVE-2018-5163].

The software does not properly validate output in the web console and JavaScript debugger and may display some content as clickable links [CVE-2018-5167].

A remote user can cause lightweight themes to be installed without user interaction [CVE-2018-5168].

A specially crafted hyperlinked text containing a 'chrome:' URL can be dragged and dropped onto the 'home' icon [CVE-2018-5169].

The Live Bookmarks page and the PDF viewer may run injected script content from the clipboard in certain cases [CVE-2018-5172].

A buffer overflow may occur in XSLT [CVE-2018-5177].

Other memory corruption errors may occur [CVE-2018-5150, CVE-2018-5151].

On 32-bit versions of Firefox, the Adobe Flash plugin setting for 'Enable Adobe Flash protected mode' displays the opposite status of the Adobe Flash sandbox [CVE-2018-5165].

The Windows Defender SmartScreen UI runs with less secure behavior for downloaded files after the Windows 10 April 2018 Update has been applied [CVE-2018-5174]. Windows systems are affected.

The system may display local files in tabs or the hyperlink [CVE-2018-5181, CVE-2018-5182].

A remote user can inject JavaScript into the PDF viewer [CVE-2018-5158].

A remote user can inject script via the JSON Viewer [CVE-2018-5176].

A remote user can use Unicode characters to spoof filenames in the Downloads panel [CVE-2018-5173].

A remote user can bypass Content Security Policy (CSP) protections for sites that have a script-src policy of 'strict-dynamic' [CVE-2018-5175].

A remote user can bypass WebExtension host permissions via filterReponseData [CVE-2018-5166].

The software does not properly apply Content Security Policy (CSP) to all content sent with the multipart/x-mixed-replace MIME type. A remote user can exploit this to conduct cross-site scripting attacks [CVE-2018-5164].

A remote user can obtain potentially sensitive information on the target system.

A remote user can bypass same-origin restrictions in the PDF viewer to view ostensibly protected PDF files [CVE-2018-5157].

A remote user can obtain potentially sensitive WebExtensions information via the webRequest API [CVE-2018-5152].

An out-of-bounds memory read error may occur when sending websocket data [CVE-2018-5153].

Abdulrahman Alqabandi, Alex Gaynor, Andreas Perhson, Andy McKay, Byron Campen, Christian Holler, Christoph Diehl, David Parks, Dennis Fuchs, Emilio Cobos Alvarez, Francois Lajeunesse Robert, Guyio, Ivan Fratric, Jason Kratzer, Jimmy, Jon Coppeard, Jordi Chancel, Julian Hector, Kannan Vijayan, Khalil Zhani, Masato Kinugawa, Nathan Froyd, Nicolas B. Pierron, Nils, Paul Theriault, Phillipp, Randell Jesup, Ronald Crane, Ryan VanderMeulen, Sebastian Hengst, Tadj Youssouf, Tyson Smith, and Wladimir Palant reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof filenames.

Solution:   Ubuntu has issued a fix for CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, and CVE-2018-5182.

The Ubuntu advisory is available at:

https://usn.ubuntu.com/usn/usn-3645-1

Vendor URL:  usn.ubuntu.com/usn/usn-3645-1 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  14.04 LTS, 16.04 LTS, 17.10, 18.04 LTS

Message History:   This archive entry is a follow-up to the message listed below.
May 10 2018 Mozilla Firefox Multiple Bugs Let Remote Users Spoof Filenames, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC