-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0042
         Mozilla Foundation Security Advisory 2019-01 and 2019-02
                              30 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-18506 CVE-2018-18505 CVE-2018-18504
                      CVE-2018-18503 CVE-2018-18502 CVE-2018-18501
                      CVE-2018-18500  
Member content until: Friday, March 1 2019

OVERVIEW

        Multiple vulnerabilities have been identified in Mozilla Firefox prior
        to version 65.0 [1], and in Firefox ESR prior to version 60.5 [2].


IMPACT

        Mozilla has given the following information regarding these 
        vulnerabilities:
        
        "CVE-2018-18500: Use-after-free parsing HTML5 stream
        
        Reporter Yaniv Frank with SophosLabs
        Impact critical
        
        Description
        
        A use-after-free vulnerability can occur while parsing an HTML5 stream
        in concert with custom HTML elements. This results in the stream
        parser object being freed while still in use, leading to a potentially
        exploitable crash." [1][2]
        
        "CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox
        ESR 60.5
        
        Reporter Mozilla developers and community
        Impact critical
        
        Description
        
        Mozilla developers and community members Alex Gaynor, Christoph Diehl,
        Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported
        memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of
        these bugs showed evidence of memory corruption and we presume that
        with enough effort some of these could be exploited to run arbitrary
        code." [1][2]
        
        "CVE-2018-18502: Memory safety bugs fixed in Firefox 65
        
        Reporter Mozilla developers and community
        Impact critical
        
        Description
        
        Mozilla developers and community members Arthur Iakab, Christoph
        Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu,
        Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith,
        Yaron Tausky, and Ronald Crane reported memory safety bugs present in
        Firefox 64. Some of these bugs showed evidence of memory corruption
        and we presume that with enough effort some of these could be
        exploited to run arbitrary code." [1]
        
        "CVE-2018-18503: Memory corruption with Audio Buffer
        
        Reporter Nils
        Impact high
        
        Description
        
        When JavaScript is used to create and manipulate an audio buffer, a
        potentially exploitable crash may occur because of a compartment
        mismatch in some situations." [1]
        
        "CVE-2018-18504: Memory corruption and out-of-bounds read of texture
        client buffer
        
        Reporter Markus Vervier of X41 D-SEC GmbH
        Impact high
        
        Description
        
        A crash and out-of-bounds read can occur when the buffer of a texture
        client is freed while it is still in use during graphic operations.
        This results in a potentially exploitable crash and the possibility of
        reading from the memory of the freed buffers." [1]
        
        "CVE-2018-18505: Privilege escalation through IPC channel messages
        
        Reporter Jed Davis
        Impact high
        
        Description
        
        An earlier fix for an Inter-process Communication (IPC) vulnerability,
        CVE-2011-3079, added authentication to communication between IPC
        endpoints and server parents during IPC process creation. This
        authentication is insufficient for channels created after the IPC
        process is started, leading to the authentication not being correctly
        applied to later channels. This could allow for a sandbox escape
        through IPC channels due to lack of message validation in the listener
        process." [1][2]
        
        "CVE-2018-18506: Proxy Auto-Configuration file can define localhost
        access to be proxied
        
        Reporter Jann Horn
        Impact moderate
        
        Description
        
        When proxy auto-detection is enabled, if a web server serves a Proxy
        Auto-Configuration (PAC) file or if a PAC file is loaded locally, this
        PAC file can specify that requests to the localhost are to be sent
        through the proxy to another server. This behavior is disallowed by
        default when a proxy is manually configured, but when enabled could
        allow for attacks on services and tools that bind to the localhost for
        networked behavior if they are accessed through browsing." [1]


MITIGATION

        Mozilla recommends upgrading Firefox and Firefox ESR to the latest
        version: Firefox 65.0 [1] and Firefox ESR 60.5 [2].


REFERENCES

        [1] Security vulnerabilities fixed in Firefox 65
            https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/

        [2] Security vulnerabilities fixed in Firefox ESR 60.5
            https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----