SB2018031406 - Ubuntu update for Firefox
Published: March 14, 2018 Updated: May 2, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2018-5125)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Memory corruption (CVE-ID: CVE-2018-5126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
3) Buffer overflow (CVE-ID: CVE-2018-5127)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when manipulating the SVg animatedPathSegList through script. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
4) Use-after-free error (CVE-ID: CVE-2018-5128)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when manipulating elements, events, and selection ranges during editor operations. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
5) Out-of-bounds write (CVE-ID: CVE-2018-5129)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can supply specially crafted malformed IPC messages, trigger out-of-bounds write, escape sandbox and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
6) Memory corruption (CVE-ID: CVE-2018-5130)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to a lack of parameter validation on IPC messages. A remote attacker can send packets with a mismatched RTP payload type in WebRTC connections, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
7) Cross-origin bypass (CVE-ID: CVE-2018-5136)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can share a shared worker created from a data: URL in one tab by another tab with a different origin and bypass the same-origin policy.
8) Security restrictions bypass (CVE-ID: CVE-2018-5137)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can use a maliciously crafted path string to reference the resource and load a legacy extension's non-contentaccessible, defined resources by an arbitrary web page through script.
9) Information disclosure (CVE-ID: CVE-2018-5140)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. A remote attacker can reveal which applications are associated with specific MIME types by a malicious page.
10) Improper access control (CVE-ID: CVE-2018-5141)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The vulnerability exists due to the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. A remote attacker can open new tabs in a denial of service (DOS) attack or access unwanted content from arbitrary URLs to users.
11) Security restrictions bypass (CVE-ID: CVE-2018-5142)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the permission notifications do not properly display the originating domain if Media Capture and Streams API permission is requested from documents with data: or blob: URLs. A remote attacker can cause the notification to state "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission.
12) Information disclosure (CVE-ID: CVE-2018-5131)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. A remote attacker can share a common profile while browsing and access previously stored, locally cached data of a website.
13) Information disclosure (CVE-ID: CVE-2018-5132)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to the Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. A remote attacker can tuse a malicious WebExtension to search for otherwise protected data if a user has it open.
14) Information disclosure (CVE-ID: CVE-2018-5134)
The vulnerability allows a remote attacker to obtain potentially information on the target system.The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions that may use view-source: URLs to view local file: URL content, as well as content stored in about:cache to bypass security restrictions and view specific content.
15) Security restrictions bypass (CVE-ID: CVE-2018-5135)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to improper sanitization of user-supplied input. A remote attacker can supply WebExtensions to bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.
16) Information disclosure (CVE-ID: CVE-2018-5133)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists due to improper sanitization of HTML and script content. A local attacker can use a specially crafted program to change the app.support.baseURL preference, load chrome://browser/content/preferences/in-content/preferences.xul directly in a tab, bypass security restrictions and execute a search whenever an EME video player plugin displays a CDM-disabled message as a notification message.
17) Self-XSS (CVE-ID: CVE-2018-5143)
The vulnerability allows a remote attacker to conduct self-XSS attack.The weakness exists due to URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks
Remediation
Install update from vendor's website.