Описание
Security update for MozillaFirefox
This update for MozillaFirefox to the 52.9 ESR release fixes the following issues:
These security issues were fixed:
-
Firefox ESR 52.9:
-
CVE-2018-5188 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 (bsc#1098998).
-
CVE-2018-12368 No warning when opening executable SettingContent-ms files (bsc#1098998).
-
CVE-2018-12366 Invalid data handling during QCMS transformations (bsc#1098998).
-
CVE-2018-12365 Compromised IPC child process can list local filenames (bsc#1098998).
-
CVE-2018-12364 CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998).
-
CVE-2018-12363 Use-after-free when appending DOM nodes (bsc#1098998).
-
CVE-2018-12362 Integer overflow in SSSE3 scaler (bsc#1098998).
-
CVE-2018-12360 Use-after-free when using focus() (bsc#1098998).
-
CVE-2018-5156 Media recorder segmentation fault when track type is changed during capture (bsc#1098998).
-
CVE-2018-12359 Buffer overflow using computed size of canvas element (bsc#1098998).
-
Firefox ESR 52.8:
-
CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449).
-
CVE-2018-5183: Backport critical security fixes in Skia (bsc#1092548).
-
CVE-2018-5154: Use-after-free with SVG animations and clip paths (bsc#1092548).
-
CVE-2018-5155: Use-after-free with SVG animations and text paths (bsc#1092548).
-
CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files (bsc#1092548).
-
CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer (bsc#1092548).
-
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia (bsc#1092548).
-
CVE-2018-5168: Lightweight themes can be installed without user interaction (bsc#1092548).
-
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (bsc#1092548).
-
CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (bsc#1092548).
These non-security issues were fixed:
- Various stability and regression fixes
- Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2018:2298-1
- E-Mail link for SUSE-SU-2018:2298-1
- SUSE Security Ratings
- SUSE Bug 1092548
- SUSE Bug 1096449
- SUSE Bug 1098998
- SUSE CVE CVE-2018-12359 page
- SUSE CVE CVE-2018-12360 page
- SUSE CVE CVE-2018-12362 page
- SUSE CVE CVE-2018-12363 page
- SUSE CVE CVE-2018-12364 page
- SUSE CVE CVE-2018-12365 page
- SUSE CVE CVE-2018-12366 page
- SUSE CVE CVE-2018-12368 page
- SUSE CVE CVE-2018-5150 page
- SUSE CVE CVE-2018-5154 page
- SUSE CVE CVE-2018-5155 page
- SUSE CVE CVE-2018-5156 page
- SUSE CVE CVE-2018-5157 page
- SUSE CVE CVE-2018-5158 page
Описание
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12359
- SUSE Bug 1098998
Описание
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12360
- SUSE Bug 1098998
Описание
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12362
- SUSE Bug 1098998
Описание
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12363
- SUSE Bug 1098998
Описание
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12364
- SUSE Bug 1098998
Описание
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12365
- SUSE Bug 1098998
Описание
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12366
- SUSE Bug 1098998
Описание
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-12368
- SUSE Bug 1098998
Описание
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5150
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5154
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5155
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-5156
- SUSE Bug 1098998
Описание
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Затронутые продукты
Ссылки
- CVE-2018-5157
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Затронутые продукты
Ссылки
- CVE-2018-5158
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5159
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5168
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5178
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
Затронутые продукты
Ссылки
- CVE-2018-5183
- SUSE Bug 1092548
- SUSE Bug 1092611
- SUSE Bug 1093969
- SUSE Bug 1093970
- SUSE Bug 1093971
- SUSE Bug 1093972
- SUSE Bug 1093973
Описание
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Затронутые продукты
Ссылки
- CVE-2018-5188
- SUSE Bug 1098998
Описание
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-6126
- SUSE Bug 1095163
- SUSE Bug 1096449