Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities

High Nessus Plugin ID 118395

Synopsis

A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.

Description

The version of Mozilla Firefox ESR installed on the remote Windows
host is prior to 60.3. It is, therefore, affected by multiple
vulnerabilities:

- During HTTP Live Stream playback on Firefox for Android,
audio data can be accessed across origins in violation
of security policies. Because the problem is in the
underlying Android service, this issue is addressed by
treating all HLS streams as cross-origin and opaque to
access. *Note: this issue only affects Firefox for
Android. Desktop versions of Firefox are unaffected.*
(CVE-2018-12391)

- When manipulating user events in nested loops while
opening a document through script, it is possible to
trigger a potentially exploitable crash due to poor
event handling. (CVE-2018-12392)

- A potential vulnerability was found in 32-bit builds
where an integer overflow during the conversion of
scripts to an internal UTF-16 representation could
result in allocating a buffer too small for the
conversion. This leads to a possible out-of-bounds
write. *Note: 64-bit builds are not vulnerable to
this issue.* (CVE-2018-12393)

- By rewriting the Host request headers using the
webRequest API, a WebExtension can bypass domain
restrictions through domain fronting. This would
allow access to domains that share a host that are
otherwise restricted. (CVE-2018-12395)

- A WebExtension can run content scripts in disallowed
contexts following navigation or other events. This
allows for potential privilege escalation by the
WebExtension on sites where content scripts should not
be run. (CVE-2018-12396)

- A WebExtension can request access to local files
without the warning prompt stating that the extension
will 'Access your data for all websites' being displayed
to the user. This allows extensions to run content
scripts in local pages without permission warnings when
a local file is opened. (CVE-2018-12397)

- Mozilla developers and community members Daniel
Veditz and Philipp reported memory safety bugs present
in Firefox ESR 60.2. Some of these bugs showed
evidence of memory corruption and we presume that with
enough effort some of these could be exploited to
run arbitrary code. (CVE-2018-12389)

- Mozilla developers and community members Christian
Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason
Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane,
Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes,
and Bogdan Tara reported memory safety bugs present in
Firefox 62 and Firefox ESR 60.2. Some of these bugs
showed evidence of memory corruption and we presume that
with enough effort some of these could be
exploited to run arbitrary code. (CVE-2018-12390)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

Solution

Upgrade to Mozilla Firefox ESR version 60.3 or later.

Plugin Details

Severity: High

ID: 118395

File Name: mozilla_firefox_60_3_esr.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 2018/10/25

Modified: 2018/12/21

Dependencies: 20862

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2018-12390

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Patch Publication Date: 2018/10/23

Vulnerability Publication Date: 2018/10/23

Reference Information

CVE: CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397