CVE-2018-5168 – Mozilla: Lightweight themes can be installed without user interaction
https://notcve.org/view.php?id=CVE-2018-5168
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Los sitios pueden omitir las comprobaciones de seguridad de los permisos para instalar temas ligeros manipulando la propiedad "baseURI" del elemento theme. Esto podría permitir que un sitio malicioso instale un tema sin la interacción del usuario que podría contener imágenes ofensivas o embarazosas. • http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1449548 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-862: Missing Authorization •
CVE-2018-5183 – Mozilla: Backport critical security fixes in Skia
https://notcve.org/view.php?id=CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Los desarrolladores de Mozilla aplicaron los cambios seleccionados en la biblioteca Skia. Estos cambios corrigen los problemas de corrupción de memoria, incluyendo las lecturas y escrituras de búfer no válidas durante las operaciones gráficas. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1454692 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-5158 – Mozilla: Malicious PDF can inject JavaScript into PDF Viewer
https://notcve.org/view.php?id=CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. El visor de PDF no sanea suficientemente las funciones de la calculadora PostScript, lo que permite inyectar JavaScript malicioso a través de un archivo PDF manipulado. Este JavaScript puede ser ejecutado por su worker con los permisos del visor de PDF. • https://github.com/ppcrab/CVE-2018-5158 https://github.com/puzzle-tools/-CVE-2018-5158.pdf http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://bugzilla.mozilla.org/show_bug.cgi?id=1452075 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3645-1 https& • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2018-4944 – flash-plugin: Arbitrary Code Execution vulnerability (APSB18-16)
https://notcve.org/view.php?id=CVE-2018-4944
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 29.0.0.140 y anteriores, tiene una vulnerabilidad explotable de confusión de tipos. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/104101 http://www.securitytracker.com/id/1040840 https://access.redhat.com/errata/RHSA-2018:1367 https://helpx.adobe.com/security/products/flash-player/apsb18-16.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-4944 https://bugzilla.redhat.com/show_bug.cgi?id=1576040 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-1089 – 389-ds-base: ns-slapd crash via large filter value in ldapsearch
https://notcve.org/view.php?id=CVE-2018-1089
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 389-ds-base en versiones anteriores a la 1.4.0.9, 1.3.8.1 y 1.3.6.15 no gestionó correctamente los filtros de búsqueda largos con caracteres que necesitan escapado. Esto podría conducir a desbordamientos de búfer. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. • http://www.securityfocus.com/bid/104137 https://access.redhat.com/errata/RHSA-2018:1364 https://access.redhat.com/errata/RHSA-2018:1380 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2018-1089 https://bugzilla.redhat.com/show_bug.cgi?id=1559802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •