[ASA-201902-2] firefox: multiple issues
Arch Linux Security Advisory ASA-201902-2
=========================================

Severity: Critical
Date    : 2019-02-06
CVE-ID  : CVE-2018-18500 CVE-2018-18501 CVE-2018-18502 CVE-2018-18503
          CVE-2018-18504 CVE-2018-18505 CVE-2018-18506
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-862

Summary
=======

The package firefox before version 65.0-1 is vulnerable to multiple
issues including arbitrary code execution, privilege escalation and
access restriction bypass.

Resolution
==========

Upgrade to 65.0-1.

# pacman -Syu "firefox>=65.0-1"

The problems have been fixed upstream in version 65.0.

Workaround
==========

None.

Description
===========

- CVE-2018-18500 (arbitrary code execution)

A use-after-free vulnerability has been found in Firefox < 65.0, that
can occur while parsing an HTML5 stream in concert with custom HTML
elements. This results in the stream parser object being freed while
still in use, leading to a potentially exploitable crash.

- CVE-2018-18501 (arbitrary code execution)

Several memory safety bugs have been found in Firefox < 65.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.

- CVE-2018-18502 (arbitrary code execution)

Several memory safety bugs have been found in Firefox < 65.0. Some of
these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could be exploited to run
arbitrary code.

- CVE-2018-18503 (arbitrary code execution)

A memory corruption vulnerability has been found in the Audio Buffer
component of Firefox < 65.0. When JavaScript is used to create and
manipulate an audio buffer, a potentially exploitable crash may occur
because of a compartment mismatch in some situations.

- CVE-2018-18504 (arbitrary code execution)

A memory corruption and out-of-bounds read have been found in Firefox <
65.0, that can occur when the buffer of a texture client is freed while
it is still in use during graphic operations. This results in a
potentially exploitable crash and the possibility of reading from the
memory of the freed buffers.

- CVE-2018-18505 (privilege escalation)

A privilege escalation issue has been found in Firefox < 65.0. An
earlier fix for an Inter-process Communication (IPC) vulnerability,
CVE-2011-3079, added authentication to communication between IPC
endpoints and server parents during IPC process creation. This
authentication is insufficient for channels created after the IPC
process is started, leading to the authentication not being correctly
applied to later channels. This could allow for a sandbox escape through
IPC channels due to lack of message validation in the listener process.

- CVE-2018-18506 (access restriction bypass)

When proxy auto-detection is enabled in Firefox < 65.0, if a web server
serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded
locally, this PAC file can specify that requests to the localhost are to
be sent through the proxy to another server. This behavior is disallowed
by default when a proxy is manually configured, but when enabled could
allow for attacks on services and tools that bind to the localhost for
networked behavior if they are accessed through browsing.

Impact
======

A remote attacker might be able to execute arbitrary code via crafted
web content, or force requests to localhost to be sent through a proxy
to another server. A local attacker might be able to escape Firefox's
sandbox via privilege escalation.

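For the PAC behaviour described under CVE-2018-18506, the following added example (not part of the Arch or Mozilla advisory) audits a PAC script by evaluating it offline and reporting any localhost request it would hand to a proxy. The function names, the sample PAC files and proxy.example.net are assumptions made for illustration.

```javascript
// Added example: flag PAC scripts that send loopback requests to a proxy.
// node:vm is not a security boundary; audit untrusted PAC files in a disposable VM.
const vm = require('node:vm');
const LOOPBACK_HOSTS = ['localhost', '127.0.0.1'];

// Parse a dotted-quad IPv4 literal to an unsigned 32-bit integer, else null.
function ip4(s) {
  const p = String(s).split('.').map(Number);
  const ok = p.length === 4 && p.every((n) => Number.isInteger(n) && n >= 0 && n <= 255);
  return ok ? ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0 : null;
}

// Offline subset of the standard PAC helper functions (no DNS lookups are made).
const helpers = {
  isPlainHostName: (h) => !h.includes('.'),
  dnsDomainIs: (h, d) => h.endsWith(d),
  shExpMatch: (s, pat) => new RegExp('^' + pat
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(s),
  isInNet: (h, net, mask) => {
    const [a, n, m] = [ip4(h), ip4(net), ip4(mask)];
    return a !== null && n !== null && m !== null && ((a & m) >>> 0) === ((n & m) >>> 0);
  },
  dnsResolve: (h) => (ip4(h) !== null ? h : null),
  myIpAddress: () => '192.0.2.10', // constructed documentation address
};

// Return the loopback URLs for which the PAC script answers anything but DIRECT.
function auditPac(pacSource) {
  const ctx = vm.createContext({ ...helpers });
  vm.runInContext(pacSource, ctx, { timeout: 1000 });
  const findings = [];
  for (const host of LOOPBACK_HOSTS) {
    const url = `http://${host}:8080/`;
    const call = `FindProxyForURL(${JSON.stringify(url)}, ${JSON.stringify(host)})`;
    const answer = String(vm.runInContext(call, ctx, { timeout: 1000 }));
    if (!/^\s*DIRECT\s*$/i.test(answer)) findings.push({ url, answer });
  }
  return findings;
}

// Constructed sample PAC files; proxy.example.net is a placeholder.
const PAC_CATCH_ALL = `function FindProxyForURL(url, host) {
  return "PROXY proxy.example.net:3128"; }`;
const PAC_LOOPBACK_EXEMPT = `function FindProxyForURL(url, host) {
  if (host === "localhost" || isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  return "PROXY proxy.example.net:3128"; }`;

console.log(auditPac(PAC_CATCH_ALL), auditPac(PAC_LOOPBACK_EXEMPT));
```

A non-empty result means the PAC file would route at least one localhost request through the proxy and should be reviewed before it is deployed to clients.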
References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
https://bugzilla.mozilla.org/show_bug.cgi?id=1510114
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1512450%2C1517542%2C1513201%2C1460619%2C1502871%2C1516738%2C1516514
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1499426%2C1480090%2C1472990%2C1514762%2C1501482%2C1505887%2C1508102%2C1508618%2C1511580%2C1493497%2C1510145%2C1516289%2C1506798%2C1512758
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
https://bugzilla.mozilla.org/show_bug.cgi?id=1509442
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
https://bugzilla.mozilla.org/show_bug.cgi?id=1496413
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
https://bugzilla.mozilla.org/show_bug.cgi?id=1497749
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506
https://bugzilla.mozilla.org/show_bug.cgi?id=1503393
https://security.archlinux.org/CVE-2018-18500
https://security.archlinux.org/CVE-2018-18501
https://security.archlinux.org/CVE-2018-18502
https://security.archlinux.org/CVE-2018-18503
https://security.archlinux.org/CVE-2018-18504
https://security.archlinux.org/CVE-2018-18505
https://security.archlinux.org/CVE-2018-18506