SB2024081928 - Ubuntu update for firefox 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024081928

SB2024081928 - Ubuntu update for firefox

Published: August 19, 2024

Security Bulletin ID SB2024081928
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 46% Medium 38% Low 15%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-7518)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exist due to improper input interpretation in UI when handling select options. A remote attacler can obscure the fullscreen notification dialog by document content and perform spoofing attack.


2) Use-after-free (CVE-ID: CVE-2024-7521)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in WebAssembly. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


3) Security features bypass (CVE-ID: CVE-2024-7524)

The vulnerability allows a remote attacker to bypass CSP policy.

Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection.


4) Use of uninitialized resource (CVE-ID: CVE-2024-7526)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in WebGL ANGLE. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information.


5) Use-after-free (CVE-ID: CVE-2024-7527)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in JavaScript garbage collection. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


6) Use-after-free (CVE-ID: CVE-2024-7528)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in IndexedDB. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


7) Multiple Interpretations of UI Input (CVE-ID: CVE-2024-7529)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exist due to improper handling of the date picker, which can obscure security prompts. A remote attacker use a malicious site to trick a victim into granting permissions.


8) Use-after-free (CVE-ID: CVE-2024-7530)

The vulnerability allows a remote attacker to crash the browser

The vulnerability exists due to a use-after-free error in JavaScript code coverage collection. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and crash the browser.


9) Cryptographic issues (CVE-ID: CVE-2024-7531)

The vulnerability allows a remote attacker to gain access to sensitive information.

Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.


10) Out-of-bounds read (CVE-ID: CVE-2024-7519)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error when processing graphics shared memory. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.


11) Type Confusion (CVE-ID: CVE-2024-7520)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebAssembly. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Out-of-bounds read (CVE-ID: CVE-2024-7522)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in editor component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read and bypass browser sandbox.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-7525)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due missing permission check when creating a StreamFilter. A web extension with minimal permissions can create a StreamFilter, which can be used to read and modify the response body of requests on any site.


Remediation

Install update from vendor's website.

References