|
|
|
(IBM Issues Fix for IBM Security Access Manager Appliance) Mozilla Firefox Multiple Bugs Let Remote Users Spoof URLs, Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
|
SecurityTracker Alert ID: 1041158 |
SecurityTracker URL: http://securitytracker.com/id/1041158
|
CVE Reference:
CVE-2017-7805
(Links to External Site)
|
Date: Jun 21 2018
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7.0.0, 8.0.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.1, 8.0.1.2, 8.0.1.3, 8.0.1.4, 8.0.1.5, 8.0.1.6, 8.0.1.7, 9.0.0, 9.0.0.1, 9.0.1.0, 9.0.2.0, 9.0.2.1, 9.0.3, 9.0.3.1, 9.0.4
|
Description:
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof URLs. A remote user can conduct cross-site scripting attacks. IBM Security Access Manager Appliance is affected.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A use-after-free memory error may occur in the Fetch API [CVE-2017-7793].
A use-after-free memory error may occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers via the DOM [CVE-2017-7818].
A use-after-free memory error may occur in design mode when image objects are resized [CVE-2017-7819].
A buffer overflow may occur when drawing and validating elements with the ANGLE graphics library [CVE-2017-7824].
A use-after-free memory error may occur during TLS 1.2 exchanges [CVE-2017-7805].
A remote user can create specially crafted content that, when dragged onto the browser tab bar, will open files stored on the target user's system [CVE-2017-7812].
Other memory corruption errors may occur [CVE-2017-7810, CVE-2017-7811].
A remote user can trigger an integer truncation flaw in the JavaScript parser to read data outside of the buffer [CVE-2017-7813].
The content security policy (CSP) sandbox directive may not create a unique origin for a document. A remote user can exploit this to conduct cross-scripting attacks [CVE-2017-7823].
A remote user can bypass phishing and malware protection warnings via 'blob:' and 'data:' URL elements [CVE-2017-7814].
A remote user can cause some Tibetan and Arabic characters in several fonts to be displayed as whitespace, which may allow domain spoofing attacks [CVE-2017-7825]. mac OS X systems are affected.
A remote user can invoke the 'data:' protocol within an iframe to spoof a modal dialog's origin [CVE-2017-7815]. Systems with e10 multiprocess disabled are affected.
A remote user can invoke WebExtensions to load an 'about:' privileged URL [CVE-2017-7816].
A remote user can invoke WebExtensions to download and attempt to open a file of some non-executable file types without user interaction [CVE-2017-7821].
The WebCrypto API AES-GCM implementation accepts 0-length IV. A remote user may be able to exploit this to determine the authentication key in certain cases [CVE-2017-7822].
A remote user may be able to bypass the Xray wrapper mechanism [CVE-2017-7820].
A remote user can spoof the address bar via fullscreen mode [CVE-2017-7817]. Firefox for Android is affected.
|
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof the address bar and other user interface components.
A remote user can conduct cross-site scripting attacks.
|
Solution:
IBM has issued a fix for CVE-2017-7805 for IBM Security Access Manager Appliance (APARs IJ03463, IJ03464, IJ03465).
The IBM advisory is available at:
https://www-01.ibm.com/support/docview.wss?uid=swg22014872
|
Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg22014872 (Links to External Site)
|
Cause:
Access control error, Boundary error, Input validation error
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|