Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : firefox regressions (USN-3544-2)

Critical Nessus Plugin ID 106790

Synopsis

The remote Ubuntu host is missing a security-related patch.

Description

USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web
compatibility regression and a tab crash during printing in some
circumstances. This update fixes the problem.

We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, spoof the origin in audio capture prompts, trick the user into
providing HTTP credentials for another origin, spoof the address bar
contents, or execute arbitrary code. (CVE-2018-5089, CVE-2018-5090,
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,
CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,
CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5109, CVE-2018-5114, CVE-2018-5115,
CVE-2018-5117, CVE-2018-5122)

Multiple security issues were discovered in WebExtensions.
If a user were tricked into installing a specially crafted
extension, an attacker could potentially exploit these to
gain additional privileges, bypass same-origin restrictions,
or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113,
CVE-2018-5116)

A security issue was discovered with the developer tools. If
a user were tricked into opening a specially crafted
website with the developer tools open, an attacker could
potentially exploit this to obtain sensitive information
from other origins. (CVE-2018-5106)

A security issue was discovered with printing. An attacker
could potentially exploit this to obtain sensitive
information from local files. (CVE-2018-5107)

It was discovered that manually entered blob URLs could be
accessed by subsequent private browsing tabs. If a user were
tricked into entering a blob URL, an attacker could
potentially exploit this to obtain sensitive information
from a private browsing context. (CVE-2018-5108)

It was discovered that dragging certain specially formatted
URLs to the address bar could cause the wrong URL to be
displayed. If a user were tricked into opening a specially
crafted website and dragging a URL to the address bar, an
attacker could potentially exploit this to spoof the
address bar contents. (CVE-2018-5111)

It was discovered that WebExtension developer tools panels
could open non-relative URLs. If a user were tricked into
installing a specially crafted extension and running the
developer tools, an attacker could potentially exploit this
to gain additional privileges. (CVE-2018-5112)

It was discovered that ActivityStream images can attempt to
load local content through file: URLs. If a user were
tricked into opening a specially crafted website, an
attacker could potentially exploit this in combination with
another vulnerability that allowed sandbox protections to be
bypassed, in order to obtain sensitive information from
local files. (CVE-2018-5118)

It was discovered that the reader view will load
cross-origin content in violation of CORS headers. An
attacker could exploit this to bypass CORS restrictions.
(CVE-2018-5119)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution

Update the affected firefox package.

See Also

https://usn.ubuntu.com/3544-2/

Plugin Details

Severity: Critical

ID: 106790

File Name: ubuntu_USN-3544-2.nasl

Version: 3.10

Type: local

Agent: unix

Published: 2018/02/13

Modified: 2018/12/01

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:firefox, cpe:/o:canonical:ubuntu_linux:14.04, cpe:/o:canonical:ubuntu_linux:16.04, cpe:/o:canonical:ubuntu_linux:17.10

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/02/12

Reference Information

CVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118, CVE-2018-5119, CVE-2018-5122

USN: 3544-2