Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM87307F9D585696AD985E12337307FDF84D0E5EF5C6F4823F4B7EDAC2424C818E
HistoryMay 02, 2019 - 8:10 a.m.

Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS

2019-05-0208:10:01
www.ibm.com
41

0.019 Low

EPSS

Percentile

88.5%

JSON

Summary

There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.10 of IBM SONAS

Vulnerability Details

IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service.

CVEID: CVE-2018-17466 DESCRIPTION: Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking and an out-of-bounds read in TextureStorage11 within the ANGLE graphics library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154146&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-12405 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154144&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-18492 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free after deleting a selection element due to a weak reference to the select element in the options collection. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154147&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-18493 DESCRIPTION: Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154148&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-18494 DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using performance.getEntries() to bypass same-origin policy and steal cross-origin URLs.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154149&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-18498 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow during buffer size calculations for images when a raw value is used instead of the checked value. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154153&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SONAS
The product is affected when running code releases 1.5.1.0 to 1.5.2.10

Remediation/Fixes

A fix for these issues is in version 1.5.2.11 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.11 or a later version, so that the fix gets applied.

Workarounds and Mitigations

Workaround(s) :
Normal operation of IBM SONAS does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM SONAS system to access the Internet.

Mitigation: None

Related

openvas 34
nessus 54
oraclelinux 4
altlinux 2
redhat 5
osv 5
mozilla 3
debian 4
centos 4
amazon 1
kaspersky 3
slackware 1
suse 7
mageia 1
ubuntu 2
freebsd 1
archlinux 2
gentoo 2
cve 6
debiancve 6
nvd 6
prion 6
ubuntucve 6
attackerkb 1
veracode 6
cvelist 6
redhatcve 6
myhack58 1
threatpost 1
chrome 1
fedora 2
openvas
openvas
Debian: Security Advisory (DLA-1605-1)
2018-12-12 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2018-29, MFSA2018-30) - Windows
2018-12-13 00:00:00
CentOS Update for firefox CESA-2018:3833 centos7
2018-12-25 00:00:00
nessus
nessus
Debian DSA-4354-1 : firefox-esr - security update
2018-12-13 00:00:00
openSUSE Security Update : Mozilla Firefox (openSUSE-2019-1004)
2019-03-27 00:00:00
RHEL 6 : firefox (RHSA-2018:3831)
2018-12-18 00:00:00
oraclelinux
oraclelinux
firefox security update
2018-12-18 00:00:00
thunderbird security update
2019-01-25 00:00:00
firefox security update
2018-12-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 60.4.0-alt1
2018-12-11 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 60.4.0-alt1
2018-12-24 00:00:00
redhat
redhat
(RHSA-2019:0160) Important: thunderbird security update
2019-01-24 21:48:12
(RHSA-2019:0159) Important: thunderbird security update
2019-01-24 21:47:18
(RHSA-2018:3831) Critical: firefox security update
2018-12-17 13:56:10
osv
osv
thunderbird - security update
2019-01-01 00:00:00
firefox-esr - security update
2018-12-13 00:00:00
firefox-esr - security update
2018-12-12 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 60.4 — Mozilla
2018-12-21 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.4 — Mozilla
2018-12-11 00:00:00
Security vulnerabilities fixed in Firefox 64 — Mozilla
2018-12-11 00:00:00
debian
debian
[SECURITY] [DSA 4354-1] firefox-esr security update
2018-12-12 21:08:52
[SECURITY] [DLA 1605-1] firefox-esr security update
2018-12-13 09:12:03
[SECURITY] [DSA 4330-1] chromium-browser security update
2018-11-02 11:47:45
centos
centos
firefox security update
2018-12-21 19:07:59
thunderbird security update
2019-02-01 23:12:43
thunderbird security update
2019-02-01 23:14:30
amazon
amazon
Critical: thunderbird
2019-03-07 05:55:00
kaspersky
kaspersky
KLA11406 Multiple vulnerabilities in Mozilla Thunderbird
2018-12-21 00:00:00
KLA11389 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-12-11 00:00:00
KLA11338 Multiple vulnerabilities in Google Chrome
2018-10-16 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2018-12-12 04:59:01
suse
suse
Security update for Mozilla Firefox (important)
2018-12-13 12:09:13
Security update for MozillaThunderbird (important)
2019-02-14 00:00:00
Security update for MozillaThunderbird (important)
2019-02-26 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-12-16 00:29:48
ubuntu
ubuntu
Firefox vulnerabilities
2018-12-11 00:00:00
Thunderbird vulnerabilities
2019-01-24 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-12-11 00:00:00
archlinux
archlinux
[ASA-201812-9] firefox: multiple issues
2018-12-12 00:00:00
[ASA-201810-12] chromium: multiple issues
2018-10-17 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2019-03-10 00:00:00
Chromium: Multiple vulnerabilities
2018-11-23 00:00:00
cve
cve
CVE-2018-18498
2019-02-28 18:29:01
CVE-2018-18493
2019-02-28 18:29:01
CVE-2018-18492
2019-02-28 18:29:01
debiancve
debiancve
CVE-2018-18492
2019-02-28 18:29:01
CVE-2018-18498
2019-02-28 18:29:01
CVE-2018-18493
2019-02-28 18:29:01
nvd
nvd
CVE-2018-18492
2019-02-28 18:29:01
CVE-2018-18493
2019-02-28 18:29:01
CVE-2018-18494
2019-02-28 18:29:01
prion
prion
Buffer overflow
2019-02-28 18:29:00
Design/Logic Flaw
2019-02-28 18:29:00
Design/Logic Flaw
2018-11-14 15:29:00
ubuntucve
ubuntucve
CVE-2018-18492
2018-12-11 00:00:00
CVE-2018-18494
2018-12-11 00:00:00
CVE-2018-18493
2018-12-11 00:00:00
attackerkb
attackerkb
CVE-2018-18492: Mozilla Firefox Select Element Use-After-Free
2019-02-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:23:44
Insecure Same-Origin Policy
2019-05-16 03:23:45
Denial Of Service (DoS)
2019-05-16 03:23:44
cvelist
cvelist
CVE-2018-18492
2019-02-28 18:00:00
CVE-2018-18498
2019-02-28 18:00:00
CVE-2018-18493
2019-02-28 18:00:00
redhatcve
redhatcve
CVE-2018-18494
2020-04-08 21:02:32
CVE-2018-18498
2020-04-03 01:57:03
CVE-2018-18492
2020-04-05 04:53:55
myhack58
myhack58
Each rush of the weekend, all need to work together light getting tired of the twice cooked pork to enrich their inexplicable restlessness-vulnerability warning-the black bar safety net
2019-07-08 00:00:00
threatpost
threatpost
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
2018-10-17 14:04:48
chrome
chrome
Stable Channel Update for Desktop
2018-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: chromium-70.0.3538.77-4.fc29
2018-11-23 02:32:21
[SECURITY] Fedora 28 Update: chromium-70.0.3538.110-1.fc28
2018-11-30 02:14:11

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for 87307F9D585696AD985E12337307FDF84D0E5EF5C6F4823F4B7EDAC2424C818E
openvas34nessus54oraclelinux4altlinux2redhat5osv5mozilla3debian4centos4amazon1kaspersky3slackware1suse7mageia1ubuntu2freebsd1archlinux2gentoo2cve6debiancve6nvd6prion6ubuntucve6attackerkb1veracode6cvelist6redhatcve6myhack581threatpost1chrome1fedora2