CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-5154 – Mozilla: Use-after-free with SVG animations and clip paths
https://notcve.org/view.php?id=CVE-2018-5154
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se enumeran atributos durante las animaciones SVG con las rutas de clips. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1443092 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-416: Use After Free •
CVE-2018-5157 – Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
https://notcve.org/view.php?id=CVE-2018-5157
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Las protecciones del mismo origen para el visor de PDF pueden omitirse, lo que permite que un sitio malicioso intercepte los mensajes destinados al visor. Esto podría permitir que el sitio recupere archivos PDF restringidos para que lo visualice un usuario autenticado en un sitio web de terceros. • http://www.securityfocus.com/bid/104136 http://www.securitytracker.com/id/1040896 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://bugzilla.mozilla.org/show_bug.cgi?id=1449898 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3645-1 https://www.debian.org/security/2018/dsa-4199 https://www.mozilla.org/security/advisories/mfsa2018-11 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2018-5178 – Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
https://notcve.org/view.php?id=CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Se ha encontrado un desbordamiento de búfer durante la conversión de cadenas UTF8 a Unicode dentro de JavaScript con cantidades de datos extremadamente grandes. Esta vulnerabilidad requiere el uso de una extensión heredada maliciosa o vulnerable para que se produzca. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1443891 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-5183 – Mozilla: Backport critical security fixes in Skia
https://notcve.org/view.php?id=CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Los desarrolladores de Mozilla aplicaron los cambios seleccionados en la biblioteca Skia. Estos cambios corrigen los problemas de corrupción de memoria, incluyendo las lecturas y escrituras de búfer no válidas durante las operaciones gráficas. • http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898 https://access.redhat.com/errata/RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1454692 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •