CVE-2018-18505

CVE-2018-18505

Name

CVE-2018-18505

Description

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-03/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-02/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2019-01/
Issue Tracking	https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
Third Party Advisory	https://www.debian.org/security/2019/dsa-4376
Third Party Advisory	https://usn.ubuntu.com/3874-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:0270
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:0269
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:0219
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:0218
Third Party Advisory	http://www.securityfocus.com/bid/106781
Third Party Advisory	https://www.debian.org/security/2019/dsa-4392
Mailing List	https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
Third Party Advisory	https://usn.ubuntu.com/3897-1/
Third Party Advisory	https://security.gentoo.org/glsa/201903-04
Third Party Advisory	https://security.gentoo.org/glsa/201904-07
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-03/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-02/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2019-01/

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

Third Party Advisory

https://www.debian.org/security/2019/dsa-4376

Third Party Advisory

https://usn.ubuntu.com/3874-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0270

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0269

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0219

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0218

Third Party Advisory

http://www.securityfocus.com/bid/106781

Third Party Advisory

https://www.debian.org/security/2019/dsa-4392

Mailing List

https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

Third Party Advisory

https://usn.ubuntu.com/3897-1/

Third Party Advisory

https://security.gentoo.org/glsa/201903-04

Third Party Advisory

https://security.gentoo.org/glsa/201904-07

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:mozilla:firefox::::::::`	firefox	>= None	< 65.0
`cpe:2.3:a:mozilla:thunderbird::::::::`	thunderbird	>= None	< 60.5.0
`cpe:2.3:a:mozilla:firefox_esr::::::::`	firefox_esr	>= None	< 60.5.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

firefox

>= None

< 65.0

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

thunderbird

>= None

< 60.5.0

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

firefox_esr

>= None

< 60.5.0

References

Match rules

Vulnerable and fixed packages