Bug 1122983 - VUL-0: MozillaFirefox: 65, 60.5, Thunderbird 60.5
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P2 - High, Severity: Major
Assigned To: Charles Robertson
Security Team bot
CVSSv2:NVD:CVE-2018-18500:7.5:(AV:N/A...
Reported: 2019-01-24 08:00 UTC by Marcus Meissner
Modified: 2022-09-06 16:40 UTC (History)
Description Marcus Meissner 2019-01-24 08:00:05 UTC
planned release is January 29th
Comment 1 Wolfgang Rosenauer 2019-01-24 08:24:11 UTC
Currently the following updates are expected:
- Firefox 65.0 for TW
- Firefox 60.5.0 for 15.0 and 42.3
- Thunderbird for TW, 15.0, and 42.3
- NSS 3.36.7 for 42.3
- NSS 3.41.1 for 15.0 and TW

These NSS versions include minor fixes but, as far as I know, no CVE references yet. They affect Firefox and also Thunderbird, and for TB they can cause DoS-type attacks.

I already prepared NSS updates for all targets either in mozilla:Factory or in home:wrosenauer:branches:OBS_Maintained:mozilla-nss.
https://build.opensuse.org/project/show/home:wrosenauer:branches:OBS_Maintained:mozilla-nss
But I'm unsure what to submit. The 15.0 NSS is imported from SLE15 (and btw was forked away from the Factory stream but this is another topic to discuss).
In any case I do not even know if 15.0 should get 3.41.1 or a manually patched 3.40.1 (since there is no official patch level update for 3.40).
Please indicate what I should submit in the end.

The other updates are WIP still.
Comment 2 Wolfgang Rosenauer 2019-01-29 22:29:41 UTC
I've created submitrequests for all packages outlined above BUT mozilla-nss.

I need advice on what and how to submit to openSUSE Leap as NSS is covered by SLE15.
Comment 3 Swamp Workflow Management 2019-01-29 23:10:07 UTC
This is an autogenerated message for OBS integration:
This bug (1122983) was mentioned in
https://build.opensuse.org/request/show/669998 Factory / MozillaFirefox
https://build.opensuse.org/request/show/669999 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/670000 15.0 / MozillaThunderbird
https://build.opensuse.org/request/show/670001 42.3 / MozillaThunderbird
Comment 4 Marcus Meissner 2019-01-30 06:43:15 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/


Mozilla Foundation Security Advisory 2019-02
Security vulnerabilities fixed in Firefox ESR 60.5

Announced
    January 29, 2019
Impact
    critical
Products
    Firefox ESR
Fixed in

        Firefox ESR 60.5

#CVE-2018-18500: Use-after-free parsing HTML5 stream

Reporter
    Yaniv Frank with SophosLabs
Impact
    critical

Description

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.
References

    Bug 1510114

#CVE-2018-18505: Privilege escalation through IPC channel messages

Reporter
    Jed Davis
Impact
    high

Description

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.
References

    Bug 1497749
    CVE-2011-3079

#CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
Comment 5 Marcus Meissner 2019-01-30 06:43:37 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/


Mozilla Foundation Security Advisory 2019-01
Security vulnerabilities fixed in Firefox 65

Announced
    January 29, 2019
Impact
    critical
Products
    Firefox
Fixed in

        Firefox 65

#CVE-2018-18500: Use-after-free parsing HTML5 stream

Reporter
    Yaniv Frank with SophosLabs
Impact
    critical

Description

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.
References

    Bug 1510114

#CVE-2018-18503: Memory corruption with Audio Buffer

Reporter
    Nils
Impact
    high

Description

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations.
References

    Bug 1509442

#CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer

Reporter
    Markus Vervier of X41 D-SEC GmbH
Impact
    high

Description

A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possibility of reading from the memory of the freed buffers.
References

    Bug 1496413

#CVE-2018-18505: Privilege escalation through IPC channel messages

Reporter
    Jed Davis
Impact
    high

Description

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.
References

    Bug 1497749
    CVE-2011-3079

#CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied

Reporter
    Jann Horn
Impact
    moderate

Description

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing.
References

    Bug 1503393

#CVE-2018-18502: Memory safety bugs fixed in Firefox 65

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Arthur Iakab, Christoph Diehl, Christian Holler, Kalel, Emilio Cobos Álvarez, Cristina Coroiu, Noemi Erli, Natalia Csoregi, Julian Seward, Gary Kwong, Tyson Smith, Yaron Tausky, and Ronald Crane reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 65

#CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
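
An added example, not part of the advisory or of Mozilla's code: a Node.js check a defender can run over a PAC file to see whether it would route loopback hosts through a proxy, the behavior described under CVE-2018-18506 above. The probe host list, the sample PAC scripts and `proxy.example.test` are constructed for illustration, and the PAC helper functions are simplified offline stand-ins.

```javascript
// Loopback names to probe (constructed list; extend for your environment).
const LOOPBACK_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

const isIPv4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);
const ipToInt = (ip) => ip.split('.').reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

// Offline stand-ins for the standard PAC helpers, so no real DNS lookup happens.
function pacHelpers() {
  const dnsResolve = (h) => (isIPv4(h) ? h : h === 'localhost' ? '127.0.0.1' : null);
  return {
    dnsResolve,
    myIpAddress: () => '192.0.2.10', // constructed documentation address
    isPlainHostName: (h) => !h.includes('.'),
    dnsDomainIs: (h, d) => h.endsWith(d),
    shExpMatch: (s, pat) => new RegExp('^' + pat.replace(/[.+^${}()|[\]\\]/g, '\\$&')
      .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(s),
    isInNet: (h, net, mask) => {
      const ip = dnsResolve(h);
      return ip !== null && (ipToInt(ip) & ipToInt(mask)) === (ipToInt(net) & ipToInt(mask));
    },
  };
}

// Compiles the PAC source with the helpers in scope and returns FindProxyForURL.
// new Function runs the PAC code in this process: audit untrusted files in a disposable VM.
function loadPac(pacSource) {
  const helpers = pacHelpers();
  const factory = new Function(...Object.keys(helpers), `${pacSource}\nreturn FindProxyForURL;`);
  return factory(...Object.values(helpers));
}

// Returns the loopback hosts for which the PAC script names any proxy.
function auditPac(pacSource) {
  const findProxy = loadPac(pacSource);
  const findings = [];
  for (const host of LOOPBACK_HOSTS) {
    const raw = findProxy(`http://${host}:8080/`, host);
    const answer = raw == null ? 'DIRECT' : String(raw); // null means "no proxy"
    // The answer is a ';'-separated fallback list; flag any entry that is not DIRECT.
    const entries = answer.split(';').map((e) => e.trim()).filter(Boolean);
    if (entries.some((e) => !/^DIRECT$/i.test(e))) findings.push({ host, answer });
  }
  return findings;
}

// Constructed sample PAC files; proxy.example.test is a placeholder.
const PAC_PROXIES_EVERYTHING = `
function FindProxyForURL(url, host) { return "PROXY proxy.example.test:3128"; }`;
const PAC_EXEMPTS_LOOPBACK = `
function FindProxyForURL(url, host) {
  if (host === "localhost" || host === "[::1]" || isInNet(host, "127.0.0.0", "255.0.0.0"))
    return "DIRECT";
  return "PROXY proxy.example.test:3128; DIRECT";
}`;

console.log(auditPac(PAC_PROXIES_EVERYTHING).map((f) => f.host));
console.log(auditPac(PAC_EXEMPTS_LOOPBACK).length);
```

A PAC file that lists a proxy only as a fallback after `DIRECT` is still reported, since the proxy is consulted when the local service is not listening.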
Comment 6 Marcus Meissner 2019-01-30 06:44:07 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/


Mozilla Foundation Security Advisory 2019-03
Security vulnerabilities fixed in Thunderbird 60.5

Announced
    January 29, 2019
Impact
    critical
Products
    Thunderbird
Fixed in

        Thunderbird 60.5

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
#CVE-2018-18500: Use-after-free parsing HTML5 stream

Reporter
    Yaniv Frank with SophosLabs
Impact
    critical

Description

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.
References

    Bug 1510114

#CVE-2018-18505: Privilege escalation through IPC channel messages

Reporter
    Jed Davis
Impact
    high

Description

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.
References

    Bug 1497749
    CVE-2011-3079

#CVE-2016-5824: DoS (use-after-free) via a crafted ics file

Reporter
    Brandon Perry
Impact
    low

Description

A vulnerability in the Libical library used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file.
References

    Bug 1275400

#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5
Comment 7 Marcus Meissner 2019-01-30 07:05:33 UTC
as for nss ... 

Charles?
Comment 8 Swamp Workflow Management 2019-01-30 08:50:12 UTC
This is an autogenerated message for OBS integration:
This bug (1122983) was mentioned in
https://build.opensuse.org/request/show/670060 15.0 / MozillaFirefox
https://build.opensuse.org/request/show/670061 42.3 / MozillaFirefox
Comment 9 Charles Robertson 2019-01-31 18:28:52 UTC
(In reply to Marcus Meissner from comment #7)
> as for nss ... 
> 
> Charles?

I will be submitting an NSS update of 3.41 to SLE-15 soon so, Wolfgang, you will not need to submit to Leap 15 if, indeed, Leap 15 NSS is imported from SLE-15. (This is new to me.)
Comment 11 Swamp Workflow Management 2019-02-03 07:20:07 UTC
This is an autogenerated message for OBS integration:
This bug (1122983) was mentioned in
https://build.opensuse.org/request/show/670835 Factory / MozillaFirefox
Comment 12 Swamp Workflow Management 2019-02-04 20:09:07 UTC
openSUSE-SU-2019:0133-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1121255,1122983
CVE References: CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
openSUSE Leap 42.3 (src):    MozillaFirefox-60.5.0-128.1, mozilla-nss-3.36.7-57.1
Comment 13 Swamp Workflow Management 2019-02-04 20:09:32 UTC
openSUSE-SU-2019:0132-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1122983
CVE References: CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
openSUSE Leap 15.0 (src):    MozillaFirefox-60.5.0-lp150.3.36.1
Comment 15 Swamp Workflow Management 2019-02-06 20:14:40 UTC
SUSE-SU-2019:0273-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1119069,1120374,1122983
CVE References: CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    MozillaFirefox-60.5.0-3.24.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    MozillaFirefox-60.5.0-3.24.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    mozilla-nss-3.41.1-3.13.1
Comment 16 Swamp Workflow Management 2019-02-12 17:12:26 UTC
SUSE-SU-2019:0336-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1120374,1122983
CVE References: CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
SUSE OpenStack Cloud 7 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    MozillaFirefox-60.5.0esr-109.58.3, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    MozillaFirefox-60.5.0esr-109.58.3, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-SP4 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-SP3 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Server 12-LTSS (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE Enterprise Storage 4 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1
SUSE CaaS Platform ALL (src):    mozilla-nss-3.41.1-58.25.1
SUSE CaaS Platform 3.0 (src):    mozilla-nss-3.41.1-58.25.1
Comment 17 Swamp Workflow Management 2019-02-12 20:09:24 UTC
SUSE-SU-2019:0338-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1119105,1122983
CVE References: CVE-2016-5824,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    MozillaThunderbird-60.5.0-3.20.2
Comment 18 Swamp Workflow Management 2019-02-14 17:18:01 UTC
openSUSE-SU-2019:0182-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1122983
CVE References: CVE-2016-5824,CVE-2018-12405,CVE-2018-17466,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-60.5.0-83.1
Comment 19 Swamp Workflow Management 2019-02-14 20:50:10 UTC
This is an autogenerated message for OBS integration:
This bug (1122983) was mentioned in
https://build.opensuse.org/request/show/676244 Backports:SLE-12 / MozillaThunderbird
Comment 20 Swamp Workflow Management 2019-02-16 19:20:06 UTC
This is an autogenerated message for OBS integration:
This bug (1122983) was mentioned in
https://build.opensuse.org/request/show/676691 15.0 / MozillaThunderbird
https://build.opensuse.org/request/show/676693 Backports:SLE-12 / MozillaThunderbird
Comment 22 Swamp Workflow Management 2019-02-27 11:14:04 UTC
openSUSE-SU-2019:0251-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1119105,1122983,1125330
CVE References: CVE-2016-5824,CVE-2018-12405,CVE-2018-17466,CVE-2018-18335,CVE-2018-18356,CVE-2018-18492,CVE-2018-18493,CVE-2018-18494,CVE-2018-18498,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505,CVE-2018-18509,CVE-2019-5785
Sources used:
openSUSE Leap 15.0 (src):    MozillaThunderbird-60.5.1-lp150.3.30.1
Comment 23 Marcus Meissner 2019-03-01 05:55:15 UTC
done
Comment 24 Swamp Workflow Management 2019-04-12 22:09:25 UTC
SUSE-SU-2019:0336-2: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1120374,1122983
CVE References: CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    MozillaFirefox-60.5.0esr-109.58.3, MozillaFirefox-branding-SLE-60-32.5.1, mozilla-nss-3.41.1-58.25.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2019-07-20 10:12:26 UTC
openSUSE-SU-2019:1758-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1119069,1120374,1122983
CVE References: CVE-2018-12404,CVE-2018-18500,CVE-2018-18501,CVE-2018-18505
Sources used:
openSUSE Leap 15.0 (src):    MozillaFirefox-60.8.0-lp150.3.62.1, mozilla-nss-3.41.1-lp150.2.20.1