
Test ID: 1.3.6.1.4.1.25623.1.0.813036
Category: General
Title: Mozilla Firefox Security Updates(mfsa_2018-06_2018-07)-MAC OS X
Summary: Mozilla Firefox is prone to multiple vulnerabilities.
Description:
Summary:
Mozilla Firefox is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- A buffer overflow error when manipulating SVG animatedPathSegList through script.

- A use-after-free error during editor operations.

- A lack of parameter validation on IPC messages.

- A memory corruption error when packets with a mismatched RTP payload type are
sent in WebRTC connections.

- Fetch API improperly returns cached copies of no-store/no-cache resources.

- The Find API for WebExtensions can search some privileged pages.

- The value of the app.support.baseURL preference is not properly sanitized.

- WebExtensions may use view-source: URLs to bypass content restrictions.

- WebExtensions can bypass normal restrictions in some circumstances.

- Same-origin policy violation with data: URL shared workers.

- Script content can access legacy extension non-contentaccessible resources.

- Moz-icon images accessible to web content through moz-icon: protocol.

- A vulnerability in the notifications Push API.

- Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs.

- Self-XSS pasting javascript: URL with embedded tab into addressbar.

- Memory safety bugs fixed in Firefox 59.

Vulnerability Impact:
Successful exploitation will allow remote attackers to conduct cross-site
scripting (XSS) attacks, crash the affected system, escape the sandbox,
access sensitive data and bypass security restrictions.

Affected Software/OS:
Mozilla Firefox versions before 59 on Mac OS X.

Solution:
Upgrade to Mozilla Firefox version 59 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-5127
BugTraq ID: 103388
http://www.securityfocus.com/bid/103388
Debian Security Information: DSA-4139
https://www.debian.org/security/2018/dsa-4139
Debian Security Information: DSA-4155
https://www.debian.org/security/2018/dsa-4155
https://security.gentoo.org/glsa/201810-01
https://security.gentoo.org/glsa/201811-13
https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
RedHat Security Advisories: RHSA-2018:0526
https://access.redhat.com/errata/RHSA-2018:0526
RedHat Security Advisories: RHSA-2018:0527
https://access.redhat.com/errata/RHSA-2018:0527
RedHat Security Advisories: RHSA-2018:0647
https://access.redhat.com/errata/RHSA-2018:0647
RedHat Security Advisories: RHSA-2018:0648
https://access.redhat.com/errata/RHSA-2018:0648
http://www.securitytracker.com/id/1040514
https://usn.ubuntu.com/3545-1/
https://usn.ubuntu.com/3596-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5128
BugTraq ID: 103386
http://www.securityfocus.com/bid/103386
Common Vulnerability Exposure (CVE) ID: CVE-2018-5129
Common Vulnerability Exposure (CVE) ID: CVE-2018-5130
Common Vulnerability Exposure (CVE) ID: CVE-2018-5131
Common Vulnerability Exposure (CVE) ID: CVE-2018-5132
Common Vulnerability Exposure (CVE) ID: CVE-2018-5133
Common Vulnerability Exposure (CVE) ID: CVE-2018-5134
Common Vulnerability Exposure (CVE) ID: CVE-2018-5135
Common Vulnerability Exposure (CVE) ID: CVE-2018-5136
Common Vulnerability Exposure (CVE) ID: CVE-2018-5137
Common Vulnerability Exposure (CVE) ID: CVE-2018-5140
Common Vulnerability Exposure (CVE) ID: CVE-2018-5141
Common Vulnerability Exposure (CVE) ID: CVE-2018-5142
Common Vulnerability Exposure (CVE) ID: CVE-2018-5143
Common Vulnerability Exposure (CVE) ID: CVE-2018-5126
Common Vulnerability Exposure (CVE) ID: CVE-2018-5125
https://usn.ubuntu.com/3688-1/
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
