Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : firefox vulnerabilities (USN-3645-1)

Critical Nessus Plugin ID 109798

Synopsis

The remote Ubuntu host is missing a security-related patch.

Description

Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, bypass same-origin restrictions, conduct cross-site scripting
(XSS) attacks, install lightweight themes without user interaction,
spoof the filename in the downloads panel, or execute arbitrary code.
(CVE-2018-5150, CVE-2018-5151, CVE-2018-5153, CVE-2018-5154,
CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159,
CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5168,
CVE-2018-5173, CVE-2018-5175, CVE-2018-5177, CVE-2018-5180)

Multiple security issues were discovered with WebExtensions. If a user
were tricked in to installing a specially crafted extension, an
attacker could potentially exploit these to obtain sensitive
information, or bypass security restrictions. (CVE-2018-5152,
CVE-2018-5166)

It was discovered that the web console and JavaScript debugger
incorrectly linkified chrome: and JavaScript URLs. If a user were
tricked in to clicking a specially crafted link, an attacker could
potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2018-5167)

It was discovered that dragging and dropping link text on to the home
button could set the home page to include chrome pages. If a user were
tricked in to dragging and dropping a specially crafted link on to the
home button, an attacker could potentially exploit this bypass
security restrictions. (CVE-2018-5169)

It was discovered that the Live Bookmarks page and PDF viewer would
run script pasted from the clipboard. If a user were tricked in to
copying and pasting specially crafted text, an attacker could
potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2018-5172)

It was discovered that the JSON viewer incorrectly linkified
javascript: URLs. If a user were tricked in to clicking on a specially
crafted link, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2018-5176)

It was discovered that dragging a file: URL on to a tab that is
running in a different process would cause the file to open in that
process. If a user were tricked in to dragging a file: URL, an
attacker could potentially exploit this to bypass intended security
policies. (CVE-2018-5181)

It was discovered that dragging text that is a file: URL on to the
addressbar would open the specified file. If a user were tricked in to
dragging specially crafted text on to the addressbar, an attacker
could potentially exploit this to bypass intended security policies.
(CVE-2018-5182).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution

Update the affected firefox package.

See Also

https://usn.ubuntu.com/3645-1/

Plugin Details

Severity: Critical

ID: 109798

File Name: ubuntu_USN-3645-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2018/05/14

Modified: 2018/12/01

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:firefox, cpe:/o:canonical:ubuntu_linux:14.04, cpe:/o:canonical:ubuntu_linux:16.04, cpe:/o:canonical:ubuntu_linux:17.10, cpe:/o:canonical:ubuntu_linux:18.04:-:lts

Patch Publication Date: 2018/05/11

Reference Information

CVE: CVE-2018-5150, CVE-2018-5151, CVE-2018-5152, CVE-2018-5153, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5160, CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167, CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173, CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5180, CVE-2018-5181, CVE-2018-5182

USN: 3645-1