-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2502
           Multiple Mozilla Firefox vulnerabilities in IBM SONAS
                                9 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Scale Out Network Attached Storage
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11698 CVE-2019-11693 CVE-2019-11692
                   CVE-2019-11691 CVE-2019-9820 CVE-2019-9819
                   CVE-2019-9817 CVE-2019-9816 CVE-2019-9813
                   CVE-2019-9810 CVE-2019-9800 CVE-2019-7317

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10956423
   http://www.ibm.com/support/docview.wss?uid=ibm10958005
   http://www.ibm.com/support/docview.wss?uid=ibm10958003

Comment: This bulletin contains three (3) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Mozilla Firefox vulnerabilities in IBM SONAS

Product:             Scale Out Network Attached Storage
Component:           1.5
Operating system(s): Linux
Reference #:         0956423

Security Bulletin

Summary

There are security vulnerabilities in versions of Mozilla Firefox that are
shipped with versions 1.5.1.0 to 1.5.2.11 of IBM SONAS.

Vulnerability Details

IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain
versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These
vulnerabilities concern the potential ability of a remote attacker to execute
arbitrary code on a vulnerable system or cause a denial of service.

CVEID: CVE-2019-9810
DESCRIPTION: Mozilla Firefox is vulnerable to a buffer overflow, caused by
incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice
method. By persuading a victim to visit a specially-crafted Web site, a remote
attacker could overflow a buffer and execute arbitrary code on the system or
cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158520 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9813
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary
code on the system, caused by a type confusion when improperly handling
__proto__ mutations. By persuading a victim to visit a specially-crafted Web
site, a remote attacker could exploit this vulnerability using unknown attack
vectors to execute arbitrary code on the vulnerable system or cause a denial of
service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158521 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SONAS
The product is affected when running code releases 1.5.1.0 to 1.5.2.11

Remediation/Fixes

A fix for these issues is in version 1.5.2.12 of IBM SONAS. Customers running
an affected version of IBM SONAS should upgrade to 1.5.2.12 or a later version,
so that the fix gets applied.

Workarounds and Mitigations

Workaround(s) :
Normal operation of IBM SONAS does not require or call for customers to use
Firefox to access the Internet. Although IBM recommends that you install a
level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not
using Mozilla Firefox within your IBM SONAS system to access the Internet.

Mitigation: None

- ---

Multiple Mozilla Firefox vulnerabilities in IBM SONAS

Product:             Scale Out Network Attached Storage
Component:           1.5
Operating system(s): Linux
Reference #:         0958005

Security Bulletin

Summary

There are security vulnerabilities in versions of Mozilla Firefox that are
shipped with versions 1.5.1.0 to 1.5.2.11 of IBM SONAS.

Vulnerability Details

IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain
versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These
vulnerabilities concern the potential ability of a remote attacker to execute
arbitrary code on a vulnerable system or cause a denial of service.

CVEID: CVE-2019-11692
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
use-after-free when listeners are removed from the event listener manager while
still in use. By persuading a victim to visit a specially-crafted Web site, a
remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161344 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11691
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
use-after-free when working with XMLHttpRequest (XHR) in an event loop. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161343 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9819
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
JavaScript compartment mismatch while working with the fetch API. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9816
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary
code on the system, caused by a type confusion when manipulating JavaScript
objects in object groups. By persuading a victim to visit a specially-crafted
Web site, a remote attacker could exploit this vulnerability using unknown
attack vectors to execute arbitrary code on the vulnerable system or cause a
denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161338 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9817
DESCRIPTION: Mozilla Firefox could allow a remote attacker to obtain sensitive
information. By persuading a victim to visit a specially-crafted Web site, a
remote attacker could exploit this vulnerability using canvas to steal image
data from a different site.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161339 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-9820
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
use-after-free in the chrome event handler. By persuading a victim to visit a
specially-crafted Web site, a remote attacker could exploit this vulnerability
to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161341 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
use-after-free in the png_image_free function in the libpng library. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317
DESCRIPTION: libpng is vulnerable to a denial of service, caused by a
use-after-free in png_image_free in png.c. By persuading a victim to open a
specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-11693
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
buffer overflow in the bufferdata function in WebGL. By persuading a victim to
visit a specially-crafted Web site, a remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161345 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM SONAS
The product is affected when running code releases 1.5.1.0 to 1.5.2.11

Remediation/Fixes

A fix for these issues is in version 1.5.2.12 of IBM SONAS. Customers running
an affected version of IBM SONAS should upgrade to 1.5.2.12 or a later version,
so that the fix gets applied.

Workarounds and Mitigations

Workaround(s) :
Normal operation of IBM SONAS does not require or call for customers to use
Firefox to access the Internet. Although IBM recommends that you install a
level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not
using Mozilla Firefox within your IBM SONAS system to access the Internet.

Mitigation: None

- ---

Multiple Mozilla Firefox vulnerabilities in IBM SONAS

Product:             Scale Out Network Attached Storage
Component:           1.5
Operating system(s): Linux
Reference #:         0958003

Security Bulletin

Summary

There are security vulnerabilities in versions of Mozilla Firefox that are
shipped with versions 1.5.1.0 to 1.5.2.11 of IBM SONAS.

Vulnerability Details

IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain
versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These
vulnerabilities concern the potential ability of a remote attacker to execute
arbitrary code on a vulnerable system or cause a denial of service.

CVEID: CVE-2019-9800
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary
code on the system, caused by memory safety bugs within the browser engine. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability using unknown attack vectors to execute
arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-11698
DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security
restrictions. By persuading a victim to visit a specially-crafted Web site, a
remote attacker could exploit this vulnerability using drag and drop to steal
user history data.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM SONAS
The product is affected when running code releases 1.5.1.0 to 1.5.2.11

Remediation/Fixes

A fix for these issues is in version 1.5.2.12 of IBM SONAS. Customers running
an affected version of IBM SONAS should upgrade to 1.5.2.12 or a later version,
so that the fix gets applied.
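All three bulletins above state the same remediation: a SONAS code level in the
inclusive range 1.5.1.0 to 1.5.2.11 is affected, and 1.5.2.12 carries the fix.
The following is an added triage helper, not IBM or AusCERT code, that turns
that statement into a check: it parses the CVEID / CVSS Base Score / CVSS Vector
lines in the bulletin format used on this page, deduplicates CVE-2019-7317
(listed once for Firefox and once for libpng in the second bulletin), compares a
code level against the affected range with zero-padding for short levels, and
reports which entries the bulletins describe as arbitrary code execution
(vector C:H/I:H/A:H). The bulletin excerpt embedded in the block is a constructed,
shortened copy of entries from this page; the function and constant names are
this example's own.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Range and fix level exactly as stated in the three bulletins (inclusive bounds).
AFFECTED_LOW = "1.5.1.0"
AFFECTED_HIGH = "1.5.2.11"
FIXED = "1.5.2.12"


class Entry(NamedTuple):
    cve: str
    base_score: float
    vector: str


def parse_version(level: str) -> Tuple[int, ...]:
    """'1.5.2.11' -> (1, 5, 2, 11). A shorter level such as '1.5.2' is
    zero-padded so it compares as 1.5.2.0; anything that is not one to four
    dotted integers is rejected rather than silently compared as a string."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", level):
        raise ValueError(f"not a SONAS code level: {level!r}")
    parts = [int(p) for p in level.split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def is_affected(level: str) -> bool:
    """Inclusive range check against the bulletins' affected versions."""
    return parse_version(AFFECTED_LOW) <= parse_version(level) <= parse_version(AFFECTED_HIGH)


# One CVE entry in the bulletin format: CVEID, then Base Score, then the vector
# in parentheses. Non-greedy matches stay inside one entry because each entry
# has exactly one of each field.
ENTRY_RE = re.compile(
    r"CVEID:\s*(CVE-\d{4}-\d+).*?"
    r"CVSS Base Score:\s*(\d+(?:\.\d+)?).*?"
    r"CVSS Vector:\s*\((CVSS:3\.0/[^)]+)\)",
    re.S,
)


def parse_entries(text: str) -> List[Entry]:
    """Extract (CVE, base score, vector) records. The same CVE can appear twice
    (CVE-2019-7317 is listed for Firefox and again for libpng); keep the first
    occurrence so the CVE list has no duplicates."""
    seen: Dict[str, Entry] = {}
    for cve, score, vector in ENTRY_RE.findall(text):
        seen.setdefault(cve, Entry(cve, float(score), vector))
    return list(seen.values())


def triage(level: str, bulletin_text: str) -> Dict[str, object]:
    """Decide whether `level` needs the upgrade and which CVEs apply."""
    entries = parse_entries(bulletin_text)
    affected = is_affected(level)
    # C:H/I:H/A:H is the impact the bulletins give to the code-execution issues;
    # the denial-of-service and information-disclosure entries score lower.
    rce = [e.cve for e in entries if "/C:H/I:H/A:H" in e.vector]
    return {
        "level": level,
        "affected": affected,
        "upgrade_to": FIXED if affected else None,
        "cves": [e.cve for e in entries] if affected else [],
        "rce_cves": rce if affected else [],
        "max_base_score": max((e.base_score for e in entries), default=0.0) if affected else 0.0,
    }


# Constructed excerpt of entries from this page (same line format, descriptions shortened).
SAMPLE_BULLETIN = """\
CVEID: CVE-2019-9810
DESCRIPTION: Mozilla Firefox is vulnerable to a buffer overflow ...
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158520 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-11692
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service ...
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161344 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service ...
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-7317
DESCRIPTION: libpng is vulnerable to a denial of service ...
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
"""

if __name__ == "__main__":
    for level in ("1.5.0.9", "1.5.1.0", "1.5.2", "1.5.2.11", "1.5.2.12", "1.6.0.0"):
        print(triage(level, SAMPLE_BULLETIN))
```

Run it against the code level reported by the SONAS system (or paste the full
bulletin text in place of the excerpt) and act on `upgrade_to`; a level such as
`1.5.2.12-rc1` or a five-component string is rejected with a ValueError instead of
being mis-ranked, which is the failure mode a naive string comparison would hide.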

Workarounds and Mitigations

Workaround(s) :
Normal operation of IBM SONAS does not require or call for customers to use
Firefox to access the Internet. Although IBM recommends that you install a
level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not
using Mozilla Firefox within your IBM SONAS system to access the Internet.

Mitigation: None

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXSQJlmaOgq3Tt24GAQjG6A//c6OfsxhRLpCpp+HRXqgdYqEwjI8S4/mi
2Mc58ooyYT2HkGto2AmqhE4ZckxItaBaTbR2TvzlCXwtnDRsp1FktjXLvfrbjD7P
LaeUCz/yIQSnB9lrd6EttZYSZpgmD6/oKmwQ+EogZS4WL8bWhn8jvJGdjlGsEr/t
rydmsrfHZt+Xq/cKcS907umOlgHYSC8ijTiy0l9MLwwXkCiWHW6lkb4zUZoH+dM1
b4L86h3RfqodsDEhHc98mMma3bJWv5oq2Rc9V5KKyPayPGB7gmPXvncMFV5khg2E
hZ3knuBFKKpX2R28tvjngxxBGCA3Qra4h63PLgPkHrX6kpaWcO04TtS5RP+3hMCJ
EmZeqmw09Sg74A40bQSK8EfSqUjG7PnwiL5DjFJq1nCtGtX8dptltuf9X/z1A4MD
FMI7QurRZyCMIjqO3BTZqyvZ3LA7nJ8La5PoZrPlKNmvgCvw6TinNo5EPxWcHOIl
cDG416pvZvONE2HLVBNX5e1EFDHUO1I4iXAYfrWkIlC9WC0HVW6I36AzS6VPIQqP
ZWqcDU9qYf3NsOMSrnfPiLzo2ZQP2Q+lVBxleHf/D6o5hlMkOqXgtwpUlwngwbdh
pdkvEdzmYIqqi2P78j+KzoQYPdPc2eBFHyTFHTKLKxLd3hvuEjX19L5+9sH83AX1
jO0MeNNffXw=
=GChe
-----END PGP SIGNATURE-----