SB2024010701 - Gentoo update for Mozilla Firefox
Published: January 7, 2024 Updated: June 7, 2024
Description
This security bulletin contains information about 58 security vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2023-3482)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when Firefox is configured to block storage of all cookies: it is still possible to store data in localStorage by using an iframe with a source of 'about:blank'. A remote attacker can abuse this behavior to store tracking data without the victim's permission.
2) Buffer overflow (CVE-ID: CVE-2023-4058)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Input validation error (CVE-ID: CVE-2023-4579)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling persistent search terms. Search queries in the default search engine can appear to have been the currently navigated URL if the search query itself is a well-formed URL. As a result, a remote attacker can perform a spoofing attack if their search engine had been maliciously set as the default.
4) Heap-based buffer overflow (CVE-ID: CVE-2023-4863)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within the libwebp library. A remote attacker can trick the victim into visiting a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
5) Memory leak (CVE-ID: CVE-2023-5170)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a memory leak during canvas rendering. A remote attacker can trick the victim into visiting a specially crafted web page, leak memory of a privileged process by unexpectedly changing the surface and gain access to potentially sensitive information. The leaked memory could be used to effect a sandbox escape if the right data was leaked.
6) Use-after-free (CVE-ID: CVE-2023-5172)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the Ion JIT engine. A remote attacker can trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Out-of-bounds write (CVE-ID: CVE-2023-5173)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trick the victim into opening a specially crafted HTML file, trigger an out-of-bounds write and execute arbitrary code on the target system.
The vulnerability affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.
8) Use-after-free (CVE-ID: CVE-2023-5175)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ImageBitmap during process shutdown. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Information disclosure (CVE-ID: CVE-2023-5722)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a cross-origin size and header leak. A remote attacker can learn the size of an opaque response by issuing iterative requests.
10) Input validation error (CVE-ID: CVE-2023-5723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling invalid cookie characters. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
11) Spoofing attack (CVE-ID: CVE-2023-5729)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.
12) Buffer overflow (CVE-ID: CVE-2023-5731)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Cross-site scripting (CVE-ID: CVE-2023-5758)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when opening a page in reader mode. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
14) Observable discrepancy (CVE-ID: CVE-2023-6135)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing side channel in the NSS implementation of multiple NIST curves, known as "Minerva". A remote attacker who can measure the timing of signing operations can recover the private key.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-6210)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because the application does not properly impose security restrictions. When an https: web page creates a pop-up from a "javascript:" URL, that pop-up is incorrectly allowed to load blockable content, such as iframes from insecure http: URLs.
16) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6211)
The vulnerability allows a remote attacker to perform a clickjacking attack.
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could trick the user into clicking to grant an HTTPS-only exception by getting the user to participate in a clicking game.
17) Buffer overflow (CVE-ID: CVE-2023-6213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2023-6856)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebGL DrawElementsInstanced method when used on systems with the Mesa VM driver. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2023-6857)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition when the browser resolves a symbolic link: a local user can change the link so that the buffer passed to readlink is smaller than necessary, and thereby gain access to potentially sensitive information.
The vulnerability affects Unix-based operating systems only (e.g. Android, Linux, macOS).
20) Heap-based buffer overflow (CVE-ID: CVE-2023-6858)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in nsTextFragment when handling out-of-memory situations. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap overflow and crash the browser.
21) Use-after-free (CVE-ID: CVE-2023-6859)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in PR_GetIdentitiesLayer when creating the TLS socket. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
22) Security features bypass (CVE-ID: CVE-2023-6860)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a lack of texture validation in VideoBridge. A remote attacker can trick the victim into opening a specially crafted website, escape the sandbox and gain access to sensitive information.
23) Heap-based buffer overflow (CVE-ID: CVE-2023-6861)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the nsWindow::PickerOpen(void) method when the browser is running in headless mode. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Use-after-free (CVE-ID: CVE-2023-6862)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error in nsDNSService::Init during browser startup. A remote attacker with control over the DNS server can cause the browser to crash.
25) Reliance on undefined behavior (CVE-ID: CVE-2023-6863)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reliance on undefined behavior in ShutdownObserver(). A remote attacker can crash the browser.
26) Buffer overflow (CVE-ID: CVE-2023-6864)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Use of Uninitialized Variable (CVE-ID: CVE-2023-6865)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the use of uninitialized data in EncryptingOutputStream. A remote attacker can trick the victim into visiting a specially crafted website and cause uninitialized data to be written to local disk, which may have implications for private browsing mode.
28) Improper handling of exceptional conditions (CVE-ID: CVE-2023-6866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors in TypedArrays. A remote attacker can trick the victim into opening a specially crafted website and perform a denial of service (DoS) attack.
29) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6867)
The vulnerability allows a remote attacker to perform a clickjacking attack.
The vulnerability exists due to a timing issue when the user clicks on a button. The time between a button click and the resulting disappearance of a popup was approximately the same as the anti-clickjacking delay on permission prompts. A remote attacker can perform a clickjacking attack.
30) Improper access control (CVE-ID: CVE-2023-6868)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. The user agent would allow push requests which lacked valid VAPID authorization even though the push manager subscription defined a VAPID key. This could allow empty messages to be sent from unauthorized parties.
31) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6869)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error when displaying browser content. A <dialog> element can be manipulated to paint content outside of a sandboxed iframe, which could allow untrusted content to display under the guise of trusted content.
32) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-6870)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error when handling Toast notifications. Applications which spawn a Toast notification in a background thread can obscure fullscreen notifications displayed by the browser.
33) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-6871)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to the lack of a protocol handler warning when navigating to a new protocol handler. A remote attacker can perform a spoofing attack.
34) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-6872)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because browser tab titles are leaked by GNOME to system logs. A local user can read the log files and gain access to sensitive data.
35) Buffer overflow (CVE-ID: CVE-2023-6873)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Spoofing attack (CVE-ID: CVE-2023-32205)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can obscure browser prompts and perform a spoofing attack.
37) Out-of-bounds read (CVE-ID: CVE-2023-32206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the RLBox Expat driver. A remote attacker can trick the victim into opening a specially crafted website, trigger an out-of-bounds read error and crash the browser.
38) Security features bypass (CVE-ID: CVE-2023-32207)
The vulnerability allows a remote attacker to perform a clickjacking attack.
The vulnerability exists due to a missing delay in popup notifications. A remote attacker can trick a victim into granting permissions.
39) Information disclosure (CVE-ID: CVE-2023-32208)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because Firefox leaks the script base URL in service workers via a dynamic import() call. A remote attacker can gain access to sensitive information.
40) Resource exhaustion (CVE-ID: CVE-2023-32209)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when processing favicon images. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32210)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because documents incorrectly assume an ordering of principal objects. A remote attacker can cause a document to be loaded with a higher privileged principal than intended.
42) Type Confusion (CVE-ID: CVE-2023-32211)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted website, trigger a type confusion error and crash the browser.
43) Spoofing attack (CVE-ID: CVE-2023-32212)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof the address bar using the datalist element.
44) Buffer overflow (CVE-ID: CVE-2023-32213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within FileReader::DoReadData() when reading a file. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
45) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: CVE-2023-32214)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to incorrect processing of the ms-cxh and ms-cxh-full handlers. A remote attacker can trick the victim into visiting a specially crafted web page and crash the browser.
Note, the vulnerability affects Windows installations only.
46) Buffer overflow (CVE-ID: CVE-2023-32215)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Buffer overflow (CVE-ID: CVE-2023-32216)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Spoofing attack (CVE-ID: CVE-2023-34414)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when displaying certificate exceptions. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed.
With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.
49) Security features bypass (CVE-ID: CVE-2023-34415)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way Firefox loads documents from a "data:" URL that was the result of a redirect. A remote attacker can trick the victim to open a specially crafted URL and bypass site-isolation protections against Spectre-like attacks.
50) Buffer overflow (CVE-ID: CVE-2023-34416)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
51) Buffer overflow (CVE-ID: CVE-2023-34417)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
52) Input validation error (CVE-ID: CVE-2023-37203)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation in the Drag and Drop API. A remote attacker can trick the victim into creating a shortcut to local system files and leverage the Drag and Drop API behavior to execute arbitrary code.
53) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-37204)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to the way fullscreen notifications are handled within the browser. A remote attacker can obscure the fullscreen notification using an option element, by introducing lag via an expensive computational function, and perform a spoofing attack.
54) Spoofing attack (CVE-ID: CVE-2023-37205)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when rendering RTL Arabic characters in the address bar. A remote attacker can spoof the URL shown in the address bar.
55) UNIX symbolic link following (CVE-ID: CVE-2023-37206)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a symlink following issue in the FileSystem API. A remote attacker can trick the victim into uploading a file which contains a symlink to a critical file, and gain access to potentially sensitive information.
56) Use-after-free (CVE-ID: CVE-2023-37209)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in NotifyOnHistoryReload. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
57) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-37210)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to the way the browser exits fullscreen mode. A remote attacker can prevent a user from exiting fullscreen mode via alert and prompt calls and perform a spoofing attack.
58) Buffer overflow (CVE-ID: CVE-2023-37212)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a malicious website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install the update from the vendor's website.