SB2018051512 - Red Hat update for Mozilla Firefox

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2018-5150)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

2) Use-after-free error (CVE-ID: CVE-2018-5154)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while enumerating attributes during SVG animations with clip paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

3) Use-after-free error (CVE-ID: CVE-2018-5155)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while adjusting layout during SVG animations with text paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

4) Same-origin policy bypass (CVE-ID: CVE-2018-5157)

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website, bypass same-origin protections for the PDF viewer and cause a malicious site to intercept messages meant for the viewer and retrieve PDF files restricted to viewing by an authenticated user on a third-party website.

5) Cross-site scripting (CVE-ID: CVE-2018-5158)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to the PDF viewer does not sufficiently sanitize PostScript calculator functions. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks

6) Memory corruption (CVE-ID: CVE-2018-5159)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow in the Skia library while 32-bit integer use in an array without integer overflow checks. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

7) Security restrictions bypass (CVE-ID: CVE-2018-5168)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the baseURI property of the theme element, bypass security restrictions and cause lightweight themes to be installed without user interaction which could contain offensive or embarrassing images.

8) Buffer overflow (CVE-ID: CVE-2018-5178)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

9) Memory corruption (CVE-ID: CVE-2018-5183)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2018:1414