===========================================================================
AUSCERT Security Bulletin

ASB-2019.0042
Mozilla Foundation Security Advisory 2019-01 and 2019-02
30 January 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-18506 CVE-2018-18505 CVE-2018-18504
                      CVE-2018-18503 CVE-2018-18502 CVE-2018-18501
                      CVE-2018-18500
Member content until: Friday, March 1 2019

OVERVIEW

A vulnerability has been identified in Mozilla Firefox prior to version
65.0 [1], and Firefox ESR prior to version 60.5. [2]

IMPACT

Mozilla has given the following information regarding these
vulnerabilities:

"CVE-2018-18500: Use-after-free parsing HTML5 stream
Reporter Yaniv Frank with SophosLabs
Impact critical
Description
A use-after-free vulnerability can occur while parsing an HTML5 stream in
concert with custom HTML elements. This results in the stream parser
object being freed while still in use, leading to a potentially
exploitable crash." [1][2]

"CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
Reporter Mozilla developers and community
Impact critical
Description
Mozilla developers and community members Alex Gaynor, Christoph Diehl,
Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported
memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort that some of these could be exploited to run arbitrary
code." [1][2]

"CVE-2018-18502: Memory safety bugs fixed in Firefox 65
Reporter Mozilla developers and community
Impact critical
Description
Mozilla developers and community members Arthur Iakab, Christoph Diehl,
Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu, Noemi
Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron
Tausky, and Ronald Crane reported memory safety bugs present in Firefox
64. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to run
arbitrary code." [1]

"CVE-2018-18503: Memory corruption with Audio Buffer
Reporter Nils
Impact high
Description
When JavaScript is used to create and manipulate an audio buffer, a
potentially exploitable crash may occur because of a compartment mismatch
in some situations." [1]

"CVE-2018-18504: Memory corruption and out-of-bounds read of texture
client buffer
Reporter Markus Vervier of X41 D-SEC GmbH
Impact high
Description
A crash and out-of-bounds read can occur when the buffer of a texture
client is freed while it is still in use during graphic operations. This
results in a potentially exploitable crash and the possibility of reading
from the memory of the freed buffers." [1]

"CVE-2018-18505: Privilege escalation through IPC channel messages
Reporter Jed Davis
Impact high
Description
An earlier fix for an Inter-process Communication (IPC) vulnerability,
CVE-2011-3079, added authentication to communication between IPC endpoints
and server parents during IPC process creation. This authentication is
insufficient for channels created after the IPC process is started,
leading to the authentication not being correctly applied to later
channels. This could allow for a sandbox escape through IPC channels due
to lack of message validation in the listener process." [1][2]

"CVE-2018-18506: Proxy Auto-Configuration file can define localhost access
to be proxied
Reporter Jann Horn
Impact moderate
Description
When proxy auto-detection is enabled, if a web server serves a Proxy
Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC
file can specify that requests to the localhost are to be sent through the
proxy to another server. This behavior is disallowed by default when a
proxy is manually configured, but when enabled could allow for attacks on
services and tools that bind to the localhost for networked behavior if
they are accessed through browsing." [1]

MITIGATION

Mozilla recommends upgrading Firefox and Firefox ESR to the latest
version -

Firefox 65.0 [1]
Firefox ESR 60.5. [2]

REFERENCES

[1] Security vulnerabilities fixed in Firefox 65
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/

[2] Security vulnerabilities fixed in Firefox ESR 60.5
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
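
A check for the PAC behaviour described under CVE-2018-18506, as an added example that is not part of the AusCERT bulletin or Mozilla's advisories: it evaluates a PAC file's FindProxyForURL against loopback destinations and reports any that would be sent to a proxy. The probe URLs, the two sample PAC files, the proxy name proxy.example.net and the reduced set of PAC helper functions are assumptions constructed for the example.

```javascript
// Added example: audit a PAC file for rules that proxy loopback destinations.
// new Function is not a sandbox: audit untrusted PAC files in a disposable environment.
const LOOPBACK_URLS = [ // constructed probe URLs
  'http://localhost:8080/', 'http://127.0.0.1:8080/', 'http://[::1]:8080/',
];

// Offline stand-ins for a subset of the standard PAC helpers (no real DNS lookups).
const ipToInt = (ip) => ip.split('.').reduce((n, o) => (n * 256 + Number(o)) >>> 0, 0);
const isV4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);
const helpers = {
  isPlainHostName: (h) => !h.includes('.'),
  dnsDomainIs: (h, d) => h.endsWith(d),
  dnsResolve: (h) => (isV4(h) ? h : h === 'localhost' ? '127.0.0.1' : null),
  isInNet: (h, net, mask) => {
    const ip = helpers.dnsResolve(h);
    const m = ipToInt(mask);
    return ip !== null && ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
  },
  shExpMatch: (s, p) => new RegExp('^' + p.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(s),
  myIpAddress: () => '192.0.2.10', // constructed client address (TEST-NET-1)
};

// Returns the loopback URLs the PAC file would route through a proxy.
function auditPac(pacSource) {
  const names = Object.keys(helpers);
  const load = new Function(...names, pacSource + '\nreturn FindProxyForURL;');
  const findProxy = load(...names.map((n) => helpers[n]));
  const findings = [];
  for (const url of LOOPBACK_URLS) {
    const host = new URL(url).hostname.replace(/^\[|\]$/g, '');
    const raw = findProxy(url, host);
    const result = raw ? String(raw).trim() : 'DIRECT';
    // Anything whose first choice is not DIRECT sends loopback traffic to a proxy.
    if (!/^DIRECT\b/i.test(result)) findings.push({ url, result });
  }
  return findings;
}

// Constructed PAC files: the first proxies every request, loopback included;
// the second returns DIRECT for loopback hosts before falling through to the proxy.
const PAC_PROXIES_ALL = `function FindProxyForURL(url, host) {
  return "PROXY proxy.example.net:3128";
}`;
const PAC_EXEMPTS_LOOPBACK = `function FindProxyForURL(url, host) {
  if (host === "localhost" || host === "::1" ||
      isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  return "PROXY proxy.example.net:3128";
}`;
```

Calling auditPac on each PAC file an organisation distributes gives a quick inventory of configurations that depend on the browser fix rather than on an explicit loopback exemption.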