CVE

CVE-2018-18505
Date: (C)2019-05-30   (M)2024-03-27


An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 10.0
Exploit Score: 3.9
Impact Score: 6.0

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-106781
DSA-4376
DSA-4392
GLSA-201903-04
GLSA-201904-07
RHSA-2019:0218
RHSA-2019:0219
RHSA-2019:0269
RHSA-2019:0270
USN-3874-1
USN-3897-1
https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
https://www.mozilla.org/security/advisories/mfsa2019-01/
https://www.mozilla.org/security/advisories/mfsa2019-02/
https://www.mozilla.org/security/advisories/mfsa2019-03/
openSUSE-SU-2019:1758

CPE    452
cpe:/a:mozilla:firefox:37.0
cpe:/a:mozilla:firefox_esr:17.0.10
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox:-
...
CWE    1
CWE-287
OVAL    31
oval:org.secpod.oval:def:2103530
oval:org.secpod.oval:def:89003361
oval:org.secpod.oval:def:1801349
oval:org.secpod.oval:def:53516
...

© SecPod Technologies