PT-2019-1436 · Mozilla+5 · Firefox Esr+7

Jed Davis

·

Published

2019-01-29

·

Updated

2024-12-12

·

CVE-2018-18505

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 60.5 Firefox ESR versions prior to 60.5 Firefox versions prior to 65
Description The issue is related to an Inter-process Communication (IPC) vulnerability. It affects the authentication mechanism between IPC endpoints and server parents during IPC process creation. The authentication is insufficient for channels created after the IPC process is started, which could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.
Recommendations For Thunderbird versions prior to 60.5, update to version 60.5 or later. For Firefox ESR versions prior to 60.5, update to version 60.5 or later. For Firefox versions prior to 65, update to version 65 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-264

Related Identifiers

ALT-PU-2019-1170
ALT-PU-2019-1171
ALT-PU-2019-1173
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2019-00819
CESA-2019_0218
CESA-2019_0219
CESA-2019_0269
CESA-2019_0270
CVE-2018-18505
DLA-1648-1
DLA-1678-1
DSA-4376-1
DSA-4392-1
MGASA-2019-0060
MGASA-2019-0069
OPENSUSE-SU-2019:0132-1
OPENSUSE-SU-2019:0249-1
OPENSUSE-SU-2019:0251-1
OPENSUSE-SU-2019:1758-1
OPENSUSE-SU-2019_0132-1
OPENSUSE-SU-2019_0133-1
OPENSUSE-SU-2019_0182-1
OPENSUSE-SU-2019_0251-1
OPENSUSE-SU-2019_1758-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:0218
RHSA-2019:0219
RHSA-2019:0269
RHSA-2019:0270
RHSA-2019_0218
RHSA-2019_0219
RHSA-2019_0269
RHSA-2019_0270
SUSE-SU-2019:0273-1
SUSE-SU-2019:0336-1
SUSE-SU-2019:0336-2
SUSE-SU-2019:0338-1
USN-3874-1
USN-3897-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu