ArchLinux: 201810-14: firefox: multiple issues
Summary
- CVE-2018-12388 (arbitrary code execution)
Several memory safety bugs have been found in Firefox versions prior to
63.0. Some of these bugs showed evidence of memory corruption and
Mozilla engineers presume that with enough effort some of these could
be exploited to run arbitrary code.
- CVE-2018-12390 (arbitrary code execution)
Several memory safety bugs have been found in Firefox versions prior to
63.0. Some of these bugs showed evidence of memory corruption and
Mozilla engineers presume that with enough effort some of these could
be exploited to run arbitrary code.
- CVE-2018-12392 (arbitrary code execution)
A security issue has been found in Firefox versions prior to 63.0. When
manipulating user events in nested loops while opening a document
through script, it is possible to trigger a potentially exploitable
crash due to poor event handling.
- CVE-2018-12395 (access restriction bypass)
A security issue has been found in Firefox versions prior to 63.0,
where by rewriting the Host request headers using the webRequest API, a
WebExtension can bypass domain restrictions through domain fronting.
This would allow access to domains that share a host that are otherwise
restricted.
- CVE-2018-12396 (privilege escalation)
A security issue has been found in Firefox versions prior to 63.0,
where a WebExtension can run content scripts in disallowed contexts
following navigation or other events. This allows for potential
privilege escalation by the WebExtension on sites where content scripts
should not be run.
- CVE-2018-12397 (access restriction bypass)
A security issue has been found in Firefox versions prior to 63.0,
where a WebExtension can request access to local files without the
warning prompt stating that the extension will "Access your data for
all websites" being displayed to the user. This allows extensions to
run content scripts in local pages without permission warnings when a
local file is opened.
- CVE-2018-12398 (access restriction bypass)
A security issue has been found in Firefox versions prior to 63.0,
where it is possible to inject stylesheets and bypass Content Security
Policy (CSP) by using the reflected URL in some special resource URIs,
such as chrome:.
- CVE-2018-12399 (content spoofing)
A security issue has been found in Firefox versions prior to 63.0,
where, when a new protocol handler is registered, the API accepts a
title argument which can be used to mislead users about which domain is
registering the new protocol. This may result in the user approving a
protocol handler that they otherwise would not have.
- CVE-2018-12401 (denial of service)
A security issue has been found in Firefox versions prior to 63.0,
where some special resource URIs will cause a non-exploitable crash if
loaded with optional parameters following a '?' in the parsed string.
This could lead to denial of service (DoS) attacks.
- CVE-2018-12402 (information disclosure)
A security issue has been found in Firefox versions prior to 63.0,
where SameSite cookies are sent on cross-origin requests when the "Save
Page As..." menu item is selected to save a page, violating cookie
policy. This can result in saving the wrong version of resources based
on those cookies.
- CVE-2018-12403 (content spoofing)
A security issue has been found in Firefox versions prior to 63.0,
where if a site is loaded over an HTTPS connection but loads a favicon
resource over HTTP, the mixed content warning is not displayed to
users.
Resolution
Upgrade to 63.0-1.
# pacman -Syu "firefox>=63.0-1"
The problems have been fixed upstream in version 63.0.
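To confirm that a host is at or above the fixed version, the following check can be run after the upgrade. It is an added example, not part of the Arch advisory: the function names (ver_ge, firefox_status, check_installed) are hypothetical, and the `sort -V` fallback only approximates pacman's version ordering for versions without an epoch.

```shell
#!/bin/sh
# Fixed version, taken from the Resolution section of this advisory.
FIXED="63.0-1"

# ver_ge A B: succeed when version A is greater than or equal to B.
# Prefers pacman's own vercmp; otherwise falls back to GNU `sort -V`
# (assumption: an approximation, adequate for versions without an epoch).
ver_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# firefox_status VERSION: print "patched" or "vulnerable" for a pkgver-pkgrel.
firefox_status() {
    if ver_ge "$1" "$FIXED"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_installed: report the state of the locally installed firefox package.
check_installed() {
    installed=$(pacman -Q firefox 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "firefox: not installed"
    else
        echo "firefox $installed: $(firefox_status "$installed")"
    fi
}

# Only query the package database on hosts that actually have pacman.
if command -v pacman >/dev/null 2>&1; then
    check_installed
fi
```

firefox_status also accepts a version string collected from elsewhere (for example an inventory export), so hosts can be audited without running pacman on each one.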
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12388
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1472639%2C1485698%2C1301547%2C1471427%2C1379411%2C1482122%2C1486314%2C1487167
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12395
https://bugzilla.mozilla.org/show_bug.cgi?id=1467523
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
https://bugzilla.mozilla.org/show_bug.cgi?id=1483602
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
https://bugzilla.mozilla.org/show_bug.cgi?id=1487478
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
https://bugzilla.mozilla.org/show_bug.cgi?id=1460538
https://bugzilla.mozilla.org/show_bug.cgi?id=1488061
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12399
https://bugzilla.mozilla.org/show_bug.cgi?id=1490276
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12401
https://bugzilla.mozilla.org/show_bug.cgi?id=1422456
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12402
https://bugzilla.mozilla.org/show_bug.cgi?id=1469916
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12403
https://bugzilla.mozilla.org/show_bug.cgi?id=1484753
https://security.archlinux.org/CVE-2018-12388
https://security.archlinux.org/CVE-2018-12390
https://security.archlinux.org/CVE-2018-12392
https://security.archlinux.org/CVE-2018-12395
https://security.archlinux.org/CVE-2018-12396
https://security.archlinux.org/CVE-2018-12397
https://security.archlinux.org/CVE-2018-12398
https://security.archlinux.org/CVE-2018-12399
https://security.archlinux.org/CVE-2018-12401
https://security.archlinux.org/CVE-2018-12402
https://security.archlinux.org/CVE-2018-12403
Workaround
None.