Vulnerabilities > CVE-2018-5147 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_52_7_2_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.7.2. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 108584 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108584 title Mozilla Firefox ESR < 52.7.2 Multiple Code Execution Vulnerabilities (macOS) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108584); script_version("1.4"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-5146", "CVE-2018-5147"); script_bugtraq_id(103432); script_xref(name:"MFSA", value:"2018-08"); script_name(english:"Mozilla Firefox ESR < 52.7.2 Multiple Code Execution Vulnerabilities (macOS)"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS or Mac OS X host is affected by multiple code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.7.2. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox ESR version 52.7.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5147"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_firefox_installed.nasl"); script_require_keys("MacOSX/Firefox/Version"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Firefox"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); is_esr = get_kb_item(kb_base+"/is_esr"); if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR"); mozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'52.7.2', min:'52', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-278.NASL description This update for Mozilla Firefox to version 52.7.2esr fixes security issues and bugs. Security issues fixed : - CVE-2018-5146: Specially crafted vorbis files could have been used to execute arbitrary code via an Out of bounds memory write (bsc#1085671, MFSA 2018-08) - CVE-2018-5147: Specially crafted vorbis files could have been used to execute arbitrary code via an Out of bounds memory write - used on ARM platforms (bsc#1085671, MFSA 2018-08) The following bug fixes are included : - Stability improvements in the Italian locale last seen 2020-06-05 modified 2018-03-19 plugin id 108442 published 2018-03-19 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108442 title openSUSE Security Update : MozillaFirefox (openSUSE-2018-278) NASL family Windows NASL id MOZILLA_FIREFOX_59_0_1.NASL description The version of Mozilla Firefox installed on the remote Windows host is prior to 59.0.1. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 108587 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108587 title Mozilla Firefox < 59.0.1 Multiple Code Execution Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7943794F707F4E319FEA3BBF1DDCEDC1.NASL description The Mozilla Foundation reports : CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. last seen 2020-06-01 modified 2020-06-02 plugin id 108430 published 2018-03-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108430 title FreeBSD : mozilla -- multiple vulnerabilities (7943794f-707f-4e31-9fea-3bbf1ddcedc1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1319.NASL description Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 last seen 2020-03-17 modified 2018-03-27 plugin id 108609 published 2018-03-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108609 title Debian DLA-1319-1 : firefox-esr security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4141.NASL description Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. last seen 2020-06-01 modified 2020-06-02 plugin id 108418 published 2018-03-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108418 title Debian DSA-4141-1 : libvorbisidec - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0907-1.NASL description This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130) : - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109000 published 2018-04-11 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109000 title SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0907-1) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_59_0_1.NASL description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 59.0.1. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 108585 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108585 title Mozilla Firefox < 59.0.1 Multiple Code Execution Vulnerabilities (macOS) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4143.NASL description Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 108420 published 2018-03-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108420 title Debian DSA-4143-1 : firefox-esr - security update NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1312.NASL description Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. For Debian 7 last seen 2020-03-17 modified 2018-03-23 plugin id 108568 published 2018-03-23 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108568 title Debian DLA-1312-1 : libvorbisidec security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0850-1.NASL description This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130) : - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108749 published 2018-03-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108749 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:0850-1) NASL family Windows NASL id MOZILLA_FIREFOX_52_7_2_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.7.2. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 108586 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108586 title Mozilla Firefox ESR < 52.7.2 Multiple Code Execution Vulnerabilities
References
- http://www.securityfocus.com/bid/103432
- http://www.securitytracker.com/id/1040544
- https://bugzilla.mozilla.org/show_bug.cgi?id=1446365
- https://lists.debian.org/debian-lts-announce/2018/03/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html
- https://www.debian.org/security/2018/dsa-4141
- https://www.debian.org/security/2018/dsa-4143
- https://www.mozilla.org/security/advisories/mfsa2018-08/