TTCSIRT-161.090718: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that the following issues have been found in Mozilla Firefox version 62.0:

a) A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash – (CVE-2018-12378).

b) Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system – (CVE-2017-16541).

c) When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash – (CVE-2018-12379).

Further information on these vulnerabilities and how they can be mitigated can be found on the Mozilla website at https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/