SB2019061001 - OpenSUSE Linux update for MozillaFirefox

Published: June 10, 2019

Security Bulletin ID: SB2019061001
Severity: High
Patch available: YES
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 47% Medium 18% Low 35%

Description

This security bulletin contains information about 17 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-18511)

The vulnerability allows a remote attacker to bypass the same-origin policy.

The vulnerability exists due to an error when processing canvas elements with the transferFromImageBitmap method. A remote attacker can create a specially crafted website, trick the victim into visiting it, bypass the cross-origin policy and view images loaded in other browser tabs.


2) Use-after-free (CVE-ID: CVE-2019-11691)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in XMLHttpRequest (XHR) in an event loop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


3) Use-after-free (CVE-ID: CVE-2019-11692)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when listeners are removed from the event listener manager while still in use. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


4) Buffer overflow (CVE-ID: CVE-2019-11693)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the bufferdata function in WebGL with specific graphics drivers on Linux. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Memory leak (CVE-ID: CVE-2019-11694)

The vulnerability allows a remote attacker to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak in the Windows sandbox, where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. A remote attacker can create a specially crafted web page and gain access to sensitive information stored in memory on the system.

Note: the vulnerability affects Windows versions of Firefox.


6) Spoofing attack (CVE-ID: CVE-2019-11698)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of drag and drop operations. A remote attacker can create a specially crafted hyperlink; when it is dragged and dropped to the bookmark bar or sidebar, and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of the user's browser history can be run and transmitted to the content page via drop event data.

Successful exploitation of the vulnerability may allow an attacker to steal the user's browser history.


7) Out-of-bounds read (CVE-ID: CVE-2019-5798)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the Skia library during path transformations. A remote attacker can create a specially crafted email, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


8) Use-after-free (CVE-ID: CVE-2019-7317)

The vulnerability allows a remote attacker to cause a DoS condition.

The vulnerability exists due to a use-after-free memory error in the png_image_free function, as defined in the png.c source code file when calling on png_safe_execute. A remote attacker can send specially crafted data, trigger a call on png_safe_execute and trigger memory corruption, resulting in a DoS condition.


9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-9797)

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to incorrect implementation of the cross-origin policy when reading images using createImageBitmap. A remote attacker can trick the victim into visiting a specially crafted web page and gain access to images opened in other browser tabs.


10) Buffer overflow (CVE-ID: CVE-2019-9800)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary errors. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


11) Race condition (CVE-ID: CVE-2019-9815)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to enabled hyperthreading in applications running untrusted code in a thread through a new sysctl on macOS. A remote attacker can perform a timing attack, similar to previous Spectre attacks, and execute arbitrary code on the target system.

The vulnerability affects macOS users.

For this mitigation to take effect, users must install macOS 10.14.5.


12) Type Confusion (CVE-ID: CVE-2019-9816)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects in object groups via UnboxedObjects. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-9817)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect access restrictions when reading images from a different domain. A remote attacker can use a canvas object under certain circumstances to violate same-origin policy and read image data from another domain name.


14) Use-after-free (CVE-ID: CVE-2019-9818)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in the crash generator server. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and crash the browser or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note: this vulnerability affects only the Windows version of Firefox.


15) Input validation error (CVE-ID: CVE-2019-9819)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a JavaScript compartment mismatch when working with the fetch API. A remote attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system.


16) Use-after-free (CVE-ID: CVE-2019-9820)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free in ChromeEventHandler by DocShell. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


17) Use-after-free (CVE-ID: CVE-2019-9821)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in AssertWorkerThread due to a race condition with shared workers. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


Remediation

Install the update from the vendor's website.