Bug 1077291

Summary:	VUL-0: MozillaFirefox: 58 / 52.6.0 ESR release
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Andreas Stieger <astieger>
Component:	Incidents	Assignee:	Petr Cerny <pcerny>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Major
Priority:	P3 - Medium	CC:	cgrobertson, meissner, sreeves, wolfgang
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:	CVSSv2:NVD:CVE-2018-5091:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5095:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5096:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5097:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5098:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5102:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5103:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2018-5117:5.0:(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVSSv3:NVD:CVE-2018-5089:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5091:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5095:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5096:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5097:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5098:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5099:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5102:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5103:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5104:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2018-5117:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVSSv3:RedHat:CVE-2018-5089:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5091:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5095:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5096:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5097:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5098:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5099:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5102:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5103:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5104:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2018-5117:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3:SUSE:CVE-2018-5089:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5091:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5095:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5096:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5097:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5098:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5099:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5102:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5103:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5104:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-5117:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Andreas Stieger 2018-01-23 19:11:53 UTC

From https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
Fixed in Mozilla Firefox 52.6.0 ESR (openSUSE Leap, SLE 12):

CVE-2018-5091: Use-after-free with DTMF timers
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
CVE-2018-5096: Use-after-free while editing form elements
CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
CVE-2018-5098: Use-after-free while manipulating form input elements
CVE-2018-5099: Use-after-free with widget listener
CVE-2018-5102: Use-after-free in HTML media elements
CVE-2018-5103: Use-after-free during mouse event handling
CVE-2018-5104: Use-after-free during font face manipulation
CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

For ESR, also contains remainder of bug 1074723.
By extension, also affects Mozilla Thunderbird in the browser context.

From https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Fixed in Mozilla Firefox 58 (openSUSE Factory):

CVE-2018-5091: Use-after-free with DTMF timers
CVE-2018-5092: Use-after-free in Web Workers
CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
CVE-2018-5098: Use-after-free while manipulating form input elements
CVE-2018-5099: Use-after-free with widget listener
CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory
CVE-2018-5101: Use-after-free with floating first-letter style elements
CVE-2018-5102: Use-after-free in HTML media elements
CVE-2018-5103: Use-after-free during mouse event handling
CVE-2018-5104: Use-after-free during font face manipulation
CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts
CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker
CVE-2018-5107: Printing process will follow symlinks for local file access
CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs
CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution
CVE-2018-5111: URL spoofing in addressbar through drag and drop
CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel
CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts
CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs
CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access
CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
CVE-2018-5118: Activity Stream images can attempt to load local content through file:
CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers
CVE-2018-5122: Potential integer overflow in DoCrypt
CVE-2018-5090: Memory safety bugs fixed in Firefox 58
CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

The following affect other platforms:

CVE-2018-5110: Cursor can be made invisible on OS X
CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar

Comment 1 Swamp Workflow Management 2018-01-23 21:30:07 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/568761 Factory / MozillaFirefox

Comment 2 Swamp Workflow Management 2018-01-24 08:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/568817 42.2+42.3 / MozillaFirefox

Comment 4 Andreas Stieger 2018-01-24 21:20:12 UTC

*** Bug 1074723 has been marked as a duplicate of this bug. ***

Comment 5 Swamp Workflow Management 2018-01-25 02:08:00 UTC

openSUSE-SU-2018:0203-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1077291
CVE References: CVE-2018-5089,CVE-2018-5091,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117
Sources used:
openSUSE Leap 42.3 (src):    MozillaFirefox-52.6-75.1
openSUSE Leap 42.2 (src):    MozillaFirefox-52.6-57.30.1

Comment 7 Swamp Workflow Management 2018-01-26 07:50:07 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/569795 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/569797 42.3 / MozillaThunderbird
https://build.opensuse.org/request/show/569798 42.2 / MozillaThunderbird

Comment 8 Swamp Workflow Management 2018-01-28 02:06:54 UTC

openSUSE-SU-2018:0256-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1077291
CVE References: CVE-2018-5089,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-52.6-54.1

Comment 9 Swamp Workflow Management 2018-01-28 02:07:09 UTC

openSUSE-SU-2018:0257-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1077291
CVE References: CVE-2018-5089,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-52.6-56.1, MozillaThunderbird-52.6-56.2

Comment 10 Swamp Workflow Management 2018-01-30 07:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/570846 Factory / MozillaFirefox

Comment 12 Swamp Workflow Management 2018-02-05 11:10:39 UTC

SUSE-SU-2018:0361-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1077291
CVE References: CVE-2018-5089,CVE-2018-5091,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-52.6.0esr-72.20.2
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-52.6.0esr-72.20.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-52.6.0esr-72.20.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-52.6.0esr-72.20.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-52.6.0esr-72.20.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-52.6.0esr-72.20.2

Comment 13 Swamp Workflow Management 2018-02-06 14:09:12 UTC

SUSE-SU-2018:0374-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1077291
CVE References: CVE-2018-5089,CVE-2018-5091,CVE-2018-5095,CVE-2018-5096,CVE-2018-5097,CVE-2018-5098,CVE-2018-5099,CVE-2018-5102,CVE-2018-5103,CVE-2018-5104,CVE-2018-5117
Sources used:
SUSE OpenStack Cloud 6 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server 12-SP3 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server 12-SP2 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Server 12-LTSS (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    MozillaFirefox-52.6.0esr-109.13.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    MozillaFirefox-52.6.0esr-109.13.1

Comment 14 Marcus Meissner 2018-02-06 16:15:19 UTC

released

Comment 16 Swamp Workflow Management 2018-03-02 16:30:06 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/582016 15.0 / MozillaThunderbird

Comment 20 Swamp Workflow Management 2018-08-07 14:00:26 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/627876 15.0 / seamonkey
https://build.opensuse.org/request/show/627877 42.3 / seamonkey

Comment 21 Swamp Workflow Management 2018-08-15 13:08:39 UTC

openSUSE-SU-2018:2330-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1020631,1062195,1076907,1077291,1098998
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-5156,CVE-2018-5188
Sources used:
openSUSE Leap 42.3 (src):    seamonkey-2.49.4-13.3.2
openSUSE Leap 15.0 (src):    seamonkey-2.49.4-lp150.2.3.2

Comment 22 Swamp Workflow Management 2018-09-22 07:22:11 UTC

openSUSE-SU-2018:2807-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1020631,1062195,1076907,1077291,1098998
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-5156,CVE-2018-5188
Sources used:
openSUSE Backports SLE-15 (src):    seamonkey-2.49.4-bp150.3.3.1

Comment 25 OBSbugzilla Bot 2021-07-08 07:30:29 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/904702 15.3 / seamonkey

Comment 26 OBSbugzilla Bot 2021-07-22 12:30:30 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/907731 15.3 / seamonkey

Comment 27 OBSbugzilla Bot 2021-08-26 17:40:30 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/914429 15.3 / seamonkey

Comment 28 OBSbugzilla Bot 2021-09-28 18:40:31 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/922046 15.3 / seamonkey

Comment 29 OBSbugzilla Bot 2021-11-16 11:40:34 UTC

This is an autogenerated message for OBS integration:
This bug (1077291) was mentioned in
https://build.opensuse.org/request/show/931737 15.3 / seamonkey