what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2018-18505

Status Candidate

Overview

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Related Files

Gentoo Linux Security Advisory 201904-07
Posted Apr 2, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-7 - Multiple vulnerabilities have been found in Mozilla Thunderbird and Firefox, the worst of which could lead to the execution of arbitrary code. Versions less than 60.6.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5824, CVE-2018-18335, CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2018-18506, CVE-2018-18509, CVE-2018-18512, CVE-2018-18513, CVE-2019-5785, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813
MD5 | 92ba9e8ee880006ba890f285ed44030d
Gentoo Linux Security Advisory 201903-04
Posted Mar 11, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.5.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12405, CVE-2018-18356, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2019-5785
MD5 | 6751fa8425ac41b61633c4b262443455
Debian Security Advisory 4392-1
Posted Feb 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, debian
advisories | CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2018-18509, CVE-2019-5785
MD5 | 72eb49943de47e780e6bb6cc43b13415
Red Hat Security Advisory 2019-0269-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0269-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | fb0591a288299e5fe49a0f2cb20bd792
Red Hat Security Advisory 2019-0270-01
Posted Feb 5, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0270-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 52955d8be1e3d2573ca2ef7347d4c5d6
Ubuntu Security Notice USN-3874-1
Posted Jan 31, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3874-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-18500, CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
MD5 | 0610de62126292ee797c34a48f213f8a
Debian Security Advisory 4376-1
Posted Jan 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4376-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 4f6aa00ae290ef84a9bacd66a05ee470
Red Hat Security Advisory 2019-0218-01
Posted Jan 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0218-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 472c1e9e4e6475993b99796d2537e4bb
Red Hat Security Advisory 2019-0219-01
Posted Jan 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0219-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-18500, CVE-2018-18501, CVE-2018-18505
MD5 | 119e1b6a27103d046f02037acf1a4063
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    9 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close