cnvd - cnvd-2018-13964

cnvd-2018-13964

Vulnerability from cnvd

Title

Mozilla Firefox信息泄露漏洞（CNVD-2018-13964）

Description

Mozilla Firefox和Firefox ESR都是美国Mozilla基金会开发的浏览器产品。Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。 Mozilla Firefox 61之前版本、Firefox ESR 52.9之前版本和60.1之前版本中存在安全漏洞。攻击者可借助被控制的IPC子进程利用该漏洞列出本地文件名，泄露私人的本地文件。

Severity

中

Patch Name

Mozilla Firefox信息泄露漏洞（CNVD-2018-13964）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/

Impacted products

Name
['Mozilla Firefox <61', 'Mozilla Firefox ESR <52.9', 'Mozilla Firefox ESR <60.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104560"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12365"
    }
  },
  "description": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u88ab\u63a7\u5236\u7684IPC\u5b50\u8fdb\u7a0b\u5229\u7528\u8be5\u6f0f\u6d1e\u5217\u51fa\u672c\u5730\u6587\u4ef6\u540d\uff0c\u6cc4\u9732\u79c1\u4eba\u7684\u672c\u5730\u6587\u4ef6\u3002",
  "discovererName": "F. Alonso (revskills), Nils, David Black, Alex Gaynor, OSS-Fuzz, Abdulrahman Alqabandi",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13964",
  "openTime": "2018-07-25",
  "patchDescription": "Mozilla Firefox\u548cFirefox ESR\u90fd\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u6d4f\u89c8\u5668\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox 61\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 52.9\u4e4b\u524d\u7248\u672c\u548c60.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u88ab\u63a7\u5236\u7684IPC\u5b50\u8fdb\u7a0b\u5229\u7528\u8be5\u6f0f\u6d1e\u5217\u51fa\u672c\u5730\u6587\u4ef6\u540d\uff0c\u6cc4\u9732\u79c1\u4eba\u7684\u672c\u5730\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-13964\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c61",
      "Mozilla Firefox ESR \u003c52.9",
      "Mozilla Firefox ESR \u003c60.1"
    ]
  },
  "referenceLink": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-28",
  "title": "Mozilla Firefox\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-13964\uff09"
}

CVE-2018-12365 (GCVE-0-2018-12365)

Vulnerability from cvelistv5

Published

2018-10-18 13:00

Modified

2024-08-05 08:30

Severity ?

CWE

Compromised IPC child process can list local filenames

Summary

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

References

URL

Tags

	https://security.gentoo.org/glsa/201810-01	vendor-advisory, x_refsource_GENTOO
	https://www.mozilla.org/security/advisories/mfsa2018-15/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2112	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/201811-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2018/dsa-4235	vendor-advisory, x_refsource_DEBIAN
	https://www.mozilla.org/security/advisories/mfsa2018-18/	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1459206	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2113	vendor-advisory, x_refsource_REDHAT
	https://www.mozilla.org/security/advisories/mfsa2018-16/	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4244	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/104560	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1041193	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2018-19/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2252	vendor-advisory, x_refsource_REDHAT
	https://www.mozilla.org/security/advisories/mfsa2018-17/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2251	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3705-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3714-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

Mozilla

Thunderbird

Version: unspecified < 60
Version: unspecified < 52.9

	Mozilla	Firefox ESR	Version: unspecified < 60.1 Version: unspecified < 52.9
	Mozilla	Firefox	Version: unspecified < 61

Show details on NVD website