Bug 1096449 - (CVE-2018-6126) VUL-0: CVE-2018-6126: MozillaFirefox 52.81/60.0.2 security release
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Critical
Assigned To: Security Team bot
CVSSv2:NVD:CVE-2018-6126:6.8:(AV:N/AC...
Depends on: 1096515
Reported: 2018-06-07 09:54 UTC by Petr Cerny
Modified: 2020-05-12 18:19 UTC
Description Petr Cerny 2018-06-07 09:54:59 UTC
Upstream release date is 2018-06-06

Firefox 60.0.2/60.0.2 ESR
Firefox 52.8.1 ESR

Seamonkey/Thunderbird I suppose they might be affected, but the MFSA doesn't mention them :/
Comment 1 Marcus Meissner 2018-06-07 10:03:39 UTC
Mozilla Foundation Security Advisory 2018-14
Security vulnerabilities fixed in Firefox 60.0.2

Announced
    June 6, 2018
Impact
    critical
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 60.0.2
        Firefox ESR 52.8.1
        Firefox ESR 60.0.2

CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia

Reporter
    Ivan Fratric of Google Project Zero
Impact
    high

Description

A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with anti-aliasing turned off. This results in a potentially exploitable crash.
References

    Bug 1462682
Comment 2 Andreas Stieger 2018-06-07 11:43:59 UTC
From:
https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/
https://www.mozilla.org/en-US/firefox/60.0.2esr/releasenotes/
 
> Updated to NSS 3.36.4 from 3.36.1:
> 
> Connecting to a server that was recently upgraded to TLS 1.3 would result in a
> SSL_RX_MALFORMED_SERVER_HELLO error

We should probably look at including the fix in mozilla-nss.
Comment 3 Wolfgang Rosenauer 2018-06-07 11:55:10 UTC
So Firefox in-tree NSS was bumped to 3.36.4.
I'm going to submit this to Factory in any case.
Which policy should we follow for Leap 15.0? Trying to backport patches (this might fail sooner or later and I haven't looked into this certain case yet).
Comment 4 Andreas Stieger 2018-06-07 12:07:45 UTC
(In reply to Wolfgang Rosenauer from comment #3)
> Which policy should we follow for Leap 15.0? Trying to backport patches
> (this might fail sooner or later and I haven't looked into this certain case
> yet).

As Leap 15.0 gets these updates from SLE 15, we should split off a bug for mozilla-nss, to reflect either the bug from comment #2 or simply the need to have the version as a build dependency for 60.0.2 ESR and later.
Comment 5 Swamp Workflow Management 2018-06-07 18:30:24 UTC
This is an autogenerated message for OBS integration:
This bug (1096449) was mentioned in
https://build.opensuse.org/request/show/615022 15.0+42.3 / MozillaFirefox+mozilla-nss
Comment 7 Swamp Workflow Management 2018-06-08 19:18:17 UTC
openSUSE-SU-2018:1616-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (important)
Bug References: 1093059,1094747,1096449,1096515
CVE References: CVE-2018-6126
Sources used:
openSUSE Leap 42.3 (src):    MozillaFirefox-60.0.2-101.1, mozilla-nss-3.36.4-50.1
openSUSE Leap 15.0 (src):    MozillaFirefox-60.0.2-lp150.3.6.1, mozilla-nss-3.36.4-lp150.2.3.1
Comment 8 Swamp Workflow Management 2018-06-22 16:08:38 UTC
SUSE-SU-2018:1783-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1096449
CVE References: CVE-2018-6126
Sources used:
SUSE OpenStack Cloud 7 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server 12-SP3 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Server 12-LTSS (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    MozillaFirefox-52.8.1esr-109.34.1
SUSE Enterprise Storage 4 (src):    MozillaFirefox-52.8.1esr-109.34.1
Comment 9 Swamp Workflow Management 2018-06-27 13:08:29 UTC
SUSE-SU-2018:1820-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1096449
CVE References: CVE-2018-6126
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-52.8.1esr-72.35.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-52.8.1esr-72.35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-52.8.1esr-72.35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-52.8.1esr-72.35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-52.8.1esr-72.35.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-52.8.1esr-72.35.1
Comment 11 Swamp Workflow Management 2018-08-10 13:08:36 UTC
SUSE-SU-2018:2298-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1092548,1096449,1098998
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12368,CVE-2018-5150,CVE-2018-5154,CVE-2018-5155,CVE-2018-5156,CVE-2018-5157,CVE-2018-5158,CVE-2018-5159,CVE-2018-5168,CVE-2018-5178,CVE-2018-5183,CVE-2018-5188,CVE-2018-6126
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    MozillaFirefox-52.9.0esr-3.7.12
Comment 12 Marcus Meissner 2018-08-30 07:24:45 UTC
done
Comment 13 Swamp Workflow Management 2018-10-18 17:28:52 UTC
SUSE-SU-2018:1783-2: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1096449
CVE References: CVE-2018-6126
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-52.8.1esr-109.34.1