CVE-2018-18505 | Tenable®

Trang chủ » C 18505 » CVE-2018-18505 | Tenable®

Có thể bạn quan tâm

  • Tenable
  • Plugins
  • Overview
  • Plugins Pipeline
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Release Notes
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
Detections
  • Plugins
  • Overview
  • Plugins Pipeline
  • Release Notes
  • Newest
  • Updated
  • Search
  • Nessus Families
  • WAS Families
  • NNM Families
  • LCE Families
  • Tenable OT Security Families
  • About Plugin Families
  • Audits
  • Overview
  • Newest
  • Updated
  • Search Audit Files
  • Search Items
  • References
  • Authorities
  • Documentation
  • Download All Audit Files
  • Indicators
  • Overview
  • Search
  • Indicators of Attack
  • Indicators of Exposure
Analytics
  • CVEs
  • Overview
  • Newest
  • Updated
  • Search
  • Attack Path Techniques
  • Overview
  • Search
  1. CVEs
  2. CVE-2018-18505
  1. CVEs
CVE-2018-18505
critical
  • Information
  • CPEs
  • Plugins

Description

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

References

https://www.mozilla.org/security/advisories/mfsa2019-03/

https://www.mozilla.org/security/advisories/mfsa2019-02/

https://www.mozilla.org/security/advisories/mfsa2019-01/

https://www.debian.org/security/2019/dsa-4392

https://www.debian.org/security/2019/dsa-4376

https://usn.ubuntu.com/3897-1/

https://usn.ubuntu.com/3874-1/

https://security.gentoo.org/glsa/201904-07

https://security.gentoo.org/glsa/201903-04

https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

https://access.redhat.com/errata/RHSA-2019:0270

https://access.redhat.com/errata/RHSA-2019:0269

https://access.redhat.com/errata/RHSA-2019:0219

https://access.redhat.com/errata/RHSA-2019:0218

http://www.securityfocus.com/bid/106781

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

Details

Source: Mitre, NVD

Published: 2019-02-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

Từ khóa » C 18505