Vulnerabilities > CVE-2018-18505 - Improper Authentication vulnerability in Mozilla Firefox and Firefox ESR
Summary
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Authentication Abuse An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Utilizing REST's Trust in the System Resource to Register Man in the Middle This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
- Man in the Middle Attack This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Nessus
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0148_FIREFOX.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) - Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-12405) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18498) - Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2018-17466) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127418 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127418 title NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0148) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0148. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127418); script_version("1.2"); script_cvs_date("Date: 2019/10/18 23:14:15"); script_cve_id( "CVE-2018-12405", "CVE-2018-17466", "CVE-2018-18492", "CVE-2018-18493", "CVE-2018-18494", "CVE-2018-18498", "CVE-2018-18500", "CVE-2018-18501", "CVE-2018-18505" ); script_name(english:"NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0148)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) - Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-12405) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18498) - Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2018-17466) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0148"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18505"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL MAIN 4.05") audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL MAIN 4.05": [ "firefox-60.5.1-1.el6.centos", "firefox-debuginfo-60.5.1-1.el6.centos" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0219.NASL description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-03-17 modified 2019-02-04 plugin id 121551 published 2019-02-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121551 title CentOS 7 : firefox (CESA-2019:0219) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:0219 and # CentOS Errata and Security Advisory 2019:0219 respectively. # include("compat.inc"); if (description) { script_id(121551); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20"); script_cve_id("CVE-2018-18500", "CVE-2018-18501", "CVE-2018-18505"); script_xref(name:"RHSA", value:"2019:0219"); script_name(english:"CentOS 7 : firefox (CESA-2019:0219)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters." ); # https://lists.centos.org/pipermail/centos-announce/2019-February/023155.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8aa46fff" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18500"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"firefox-60.5.0-2.el7.centos", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4376.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. last seen 2020-03-17 modified 2019-01-31 plugin id 121484 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121484 title Debian DSA-4376-1 : firefox-esr - security update NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_60_5_ESR.NASL description The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-02 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121476 published 2019-01-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121476 title Mozilla Firefox ESR < 60.5 NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0053_FIREFOX.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127239 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127239 title NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0053) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B1F7D52FFC4248E8840387D4C9D26229.NASL description Mozilla Foundation reports : CVE-2018-18500: Use-after-free parsing HTML5 stream CVE-2018-18503: Memory corruption with Audio Buffer CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer CVE-2018-18505: Privilege escalation through IPC channel messages CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18502: Memory safety bugs fixed in Firefox 65 CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 last seen 2020-03-18 modified 2019-01-30 plugin id 121447 published 2019-01-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121447 title FreeBSD : mozilla -- multiple vulnerabilities (b1f7d52f-fc42-48e8-8403-87d4c9d26229) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0052_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (CVE-2016-5824) - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) - Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-12405) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18498) - Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2018-17466) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127238 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127238 title NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0219.NASL description From Red Hat Security Advisory 2019:0219 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-01-31 plugin id 121500 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121500 title Oracle Linux 7 : firefox (ELSA-2019-0219) NASL family Windows NASL id MOZILLA_FIREFOX_65_0.NASL description The version of Firefox installed on the remote Windows host is prior to 65.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-01 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. (CVE-2018-18503) - A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. (CVE-2018-18504) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. (CVE-2018-18506) - Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos lvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18502) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121512 published 2019-01-31 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121512 title Mozilla Firefox < 65.0 NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0273-1.NASL description This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issues fixed : CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: Update to MozillaFirefox ESR 60.5.0 Update to mozilla-nss 3.41.1 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-07 plugin id 121638 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121638 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1) NASL family Windows NASL id MOZILLA_THUNDERBIRD_60_5.NASL description The version of Thunderbird installed on the remote Windows host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-03 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - A vulnerability in the Libical libary used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file. (CVE-2016-5824) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121600 published 2019-02-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121600 title Mozilla Thunderbird < 60.5 NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-132.NASL description This update for MozillaFirefox to version 60.5.0esr fixes the following issues : Security issues fixed : - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). last seen 2020-03-18 modified 2019-02-05 plugin id 121590 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121590 title openSUSE Security Update : MozillaFirefox (openSUSE-2019-132) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0270.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-11 plugin id 122065 published 2019-02-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122065 title CentOS 7 : thunderbird (CESA-2019:0270) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0093_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (CVE-2016-5824) - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) - Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-12405) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. (CVE-2018-18498) - Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (CVE-2018-17466) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127315 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127315 title NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0093) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0218.NASL description An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-01-31 plugin id 121501 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121501 title RHEL 6 : firefox (RHSA-2019:0218) NASL family MacOS X Local Security Checks NASL id MACOS_THUNDERBIRD_60_5.NASL description The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-03 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - A vulnerability in the Libical libary used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file. (CVE-2016-5824) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121599 published 2019-02-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121599 title Mozilla Thunderbird < 60.5 NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-251.NASL description This update for MozillaThunderbird to version 60.5.1 fixes the following issues : Security vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc#1122983 bsc#1119105 bsc#1125330) : - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. - CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D. This issue does not affect Linuc distributions. - CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures showing mistekenly that emails bring a valid sugnature. - CVE-2018-18500: Use-after-free parsing HTML5 stream - CVE-2018-18505: Privilege escalation through IPC channel messages - CVE-2016-5824 DoS (use-after-free) via a crafted ics file - CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bug fixes and changes : - FileLink provider WeTransfer to upload large attachments - Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user interface: [+] button to select a file an add, [-] to remove. - More search engines: Google and DuckDuckGo available by default in some locales - During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. - Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on - New WebExtensions FileLink API to facilitate add-ons - Fix decoding problems for messages with less common charsets (cp932, cp936) - New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification - Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). - Address book search and auto-complete slowness - Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters - While composing a message, a link not removed when link location was removed in the link properties panel - Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding - If the last seen 2020-06-01 modified 2020-06-02 plugin id 122493 published 2019-02-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122493 title openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1678.NASL description Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 122263 published 2019-02-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122263 title Debian DLA-1678-1 : thunderbird security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0270.NASL description From Red Hat Security Advisory 2019:0270 : An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-05 plugin id 121584 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121584 title Oracle Linux 7 : thunderbird (ELSA-2019-0270) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-182.NASL description This update for MozillaThunderbird to version 60.5.0 fixes the following issues : Security vulnerabilities addressed (MFSA 2019-03 boo#1122983 MFSA 2018-31) : - CVE-2018-18500: Use-after-free parsing HTML5 stream - CVE-2018-18505: Privilege escalation through IPC channel messages - CVE-2016-5824: DoS (use-after-free) via a crafted ics file - CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bugs fixed and changes made : - FileLink provider WeTransfer to upload large attachments - Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove. - More search engines: Google and DuckDuckGo available by default in some locales - During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. - Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on - New WebExtensions FileLink API to facilitate add-ons - Fix decoding problems for messages with less common charsets (cp932, cp936) - New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification - Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. - Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 - Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters - While composing a message, a link not removed when link location was removed in the link properties panel - Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding - If the last seen 2020-06-01 modified 2020-06-02 plugin id 122224 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122224 title openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0156_THUNDERBIRD.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (CVE-2016-5824) - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18501) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18505) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127434 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127434 title NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0156) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3874-1.NASL description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505) It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-31 plugin id 121507 published 2019-01-31 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121507 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : firefox vulnerabilities (USN-3874-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0219.NASL description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-01-31 plugin id 121502 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121502 title RHEL 7 : firefox (RHSA-2019:0219) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201903-04.NASL description The remote host is affected by the vulnerability described in GLSA-201903-04 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page possibly resulting in the execution of arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 122732 published 2019-03-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122732 title GLSA-201903-04 : Mozilla Firefox: Multiple vulnerabilities NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0090_FIREFOX.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. (CVE-2018-18500) - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2019-5785) - The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9791) - When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. (CVE-2018-18506) - Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9788) - A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9790) - The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9792) - A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9793) - A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9795) - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver last seen 2020-06-01 modified 2020-06-02 plugin id 127308 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127308 title NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0090) NASL family Scientific Linux Local Security Checks NASL id SL_20190130_FIREFOX_ON_SL6_X.NASL description This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : - Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) - Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) - Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) last seen 2020-05-31 modified 2019-01-31 plugin id 121503 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121503 title Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190130) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4392.NASL description Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. last seen 2020-06-01 modified 2020-06-02 plugin id 122269 published 2019-02-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122269 title Debian DSA-4392-1 : thunderbird - security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0218.NASL description From Red Hat Security Advisory 2019:0218 : An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-01-31 plugin id 121499 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121499 title Oracle Linux 6 : firefox (ELSA-2019-0218) NASL family Scientific Linux Local Security Checks NASL id SL_20190204_THUNDERBIRD_ON_SL6_X.NASL description This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : - Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) - Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) - Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) - libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) last seen 2020-05-31 modified 2019-02-06 plugin id 121607 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121607 title Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190204) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0269.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-05 plugin id 121585 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121585 title RHEL 6 : thunderbird (RHSA-2019:0269) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3897-1.NASL description A use-after-free was discovered in libical. If a user were tricked in to opening a specially crafted ICS calendar file, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-5824) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18501, CVE-2018-18505) An issue was discovered with S/MIME signature verification in some circumstances. An attacker could potentially exploit this by spoofing signatures for arbitrary content. (CVE-2018-18509). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122482 published 2019-02-27 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122482 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : thunderbird vulnerabilities (USN-3897-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0218.NASL description An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-03-17 modified 2019-02-04 plugin id 121550 published 2019-02-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121550 title CentOS 6 : firefox (CESA-2019:0218) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0336-1.NASL description This update for MozillaFirefox fixes the following issues : Security issues fixed : - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122148 published 2019-02-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122148 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:0336-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-133.NASL description This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed : - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). Non-security issue fixed : - Update mozilla-nss to version 3.36.7 as build dependency. last seen 2020-03-18 modified 2019-02-05 plugin id 121591 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121591 title openSUSE Security Update : MozillaFirefox (openSUSE-2019-133) NASL family Scientific Linux Local Security Checks NASL id SL_20190130_FIREFOX_ON_SL7_X.NASL description This update upgrades Firefox to version 60.5.0 ESR. Security Fix(es) : - Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) - Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) - Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) last seen 2020-05-31 modified 2019-01-31 plugin id 121504 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121504 title Scientific Linux Security Update : firefox on SL7.x x86_64 (20190130) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201904-07.NASL description The remote host is affected by the vulnerability described in GLSA-201904-07 (Mozilla Thunderbird and Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird and Firefox. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact : Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 123581 published 2019-04-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123581 title GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_60_5_ESR.NASL description The version of Firefox ESR installed on the remote Windows host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-02 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121477 published 2019-01-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121477 title Mozilla Firefox ESR < 60.5 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0270.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-05 plugin id 121586 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121586 title RHEL 7 : thunderbird (RHSA-2019:0270) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0269.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-11 plugin id 122064 published 2019-02-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122064 title CentOS 6 : thunderbird (CESA-2019:0269) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1648.NASL description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation. For Debian 8 last seen 2020-03-17 modified 2019-01-31 plugin id 121480 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121480 title Debian DLA-1648-1 : firefox-esr security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1758.NASL description This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed : - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126898 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126898 title openSUSE Security Update : MozillaFirefox (openSUSE-2019-1758) NASL family Scientific Linux Local Security Checks NASL id SL_20190204_THUNDERBIRD_ON_SL7_X.NASL description This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : - Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) - Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) - Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) - libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) last seen 2020-05-31 modified 2019-02-07 plugin id 121631 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121631 title Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190204) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_65_0.NASL description The version of Firefox installed on the remote macOS or Mac OS X host is prior to 65.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-01 advisory. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. (CVE-2018-18500) - When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. (CVE-2018-18503) - A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. (CVE-2018-18504) - An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. (CVE-2018-18505) - When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. (CVE-2018-18506) - Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos lvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18502) - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-18501) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 121511 published 2019-01-31 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121511 title Mozilla Firefox < 65.0 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0269.NASL description From Red Hat Security Advisory 2019:0269 : An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix(es) : * Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500) * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501) * Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505) * libical: Multiple use-after-free vulnerabilities (CVE-2016-5824) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters. last seen 2020-05-31 modified 2019-02-05 plugin id 121583 published 2019-02-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121583 title Oracle Linux 6 : thunderbird (ELSA-2019-0269)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
- http://www.securityfocus.com/bid/106781
- https://access.redhat.com/errata/RHSA-2019:0218
- https://access.redhat.com/errata/RHSA-2019:0219
- https://access.redhat.com/errata/RHSA-2019:0269
- https://access.redhat.com/errata/RHSA-2019:0270
- https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
- https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
- https://security.gentoo.org/glsa/201903-04
- https://security.gentoo.org/glsa/201904-07
- https://usn.ubuntu.com/3874-1/
- https://usn.ubuntu.com/3897-1/
- https://www.debian.org/security/2019/dsa-4376
- https://www.debian.org/security/2019/dsa-4392
- https://www.mozilla.org/security/advisories/mfsa2019-01/
- https://www.mozilla.org/security/advisories/mfsa2019-02/
- https://www.mozilla.org/security/advisories/mfsa2019-03/