ArchLinux: 201812-9: firefox: multiple issues
Summary
- CVE-2018-12405 (arbitrary code execution)
Several memory safety bugs have been found in Firefox < 64.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.
- CVE-2018-12406 (arbitrary code execution)
Several memory safety bugs have been found in Firefox < 64.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.
- CVE-2018-12407 (arbitrary code execution)
A buffer overflow has been found in the Angle library used for WebGL
content by Firefox < 64.0, when drawing and validating elements with
the VertexBuffer11 module.
- CVE-2018-17466 (arbitrary code execution)
A buffer overflow and out-of-bounds read has been found in the
TextureStorage11 function of the Angle library, as used in the chromium
browser before 70.0.3538.67 and Firefox before 64.0.
- CVE-2018-18492 (arbitrary code execution)
A use-after-free has been found in Firefox < 64.0, after deleting a
selection element due to a weak reference to the select element in the
options collection.
- CVE-2018-18493 (arbitrary code execution)
A buffer overflow can occur in the Skia library use by Firefox < 64.0,
during buffer offset calculations with hardware accelerated canvas 2D
actions due to the use of 32-bit calculations instead of 64-bit.
- CVE-2018-18494 (same-origin policy bypass)
A same-origin policy violation has been found in Firefox < 64.0,
allowing the theft of cross-origin URL entries when using the
Javascript location property to cause a redirection to another site
using performance.getEntries().
- CVE-2018-18495 (access restriction bypass)
A security issue has been found in Firefox < 64.0, where WebExtension
content scripts can be loaded into about: pages in some circumstances,
in violation of the permissions granted to extensions. This could allow
an extension to interfere with the loading and usage of these pages and
use capabilities that were intended to be restricted from extensions.
- CVE-2018-18497 (access restriction bypass)
A security issue has been found in Firefox < 64.0, where limitations on
the URIs allowed to WebExtensions by the browser.windows.create API can
be bypassed when a pipe in the URL field is used within the extension
to load multiple pages as a single argument. This could allow a
malicious WebExtension to opened privileged about: or file: locations.
Resolution
Upgrade to 64.0-1.
# pacman -Syu "firefox>=64.0-1"
The problems have been fixed upstream in version 64.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456947%2C1475669%2C1504816%2C1502886%2C1500064%2C1500310%2C1500696%2C1499198%2C1434490%2C1481745%2C1458129 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407 https://bugzilla.mozilla.org/show_bug.cgi?id=1505973 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail?id=880906 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-17466 https://bugzilla.mozilla.org/show_bug.cgi?id=1488295 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492 https://bugzilla.mozilla.org/show_bug.cgi?id=1499861 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493 https://bugzilla.mozilla.org/show_bug.cgi?id=1504452 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494 https://bugzilla.mozilla.org/show_bug.cgi?id=1487964 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495 https://bugzilla.mozilla.org/show_bug.cgi?id=1427585 https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497 https://bugzilla.mozilla.org/show_bug.cgi?id=1488180 https://security.archlinux.org/CVE-2018-12405 https://security.archlinux.org/CVE-2018-12406 https://security.archlinux.org/CVE-2018-12407 https://security.archlinux.org/CVE-2018-17466 https://security.archlinux.org/CVE-2018-18492 https://security.archlinux.org/CVE-2018-18493 https://security.archlinux.org/CVE-2018-18494 https://security.archlinux.org/CVE-2018-18495 https://security.archlinux.org/CVE-2018-18497
Workaround
None.