CVE-2018-18505

high-risk

Published 2019-02-05

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Do I need to act?

3.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (17)

Firefox

Thunderbird

Ubuntu Linux

Debian Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Affected Vendors

Debian Redhat Mozilla Canonical

References (36)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

Third Party Advisory http://www.securityfocus.com/bid/106781

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0218

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0219

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0269

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0270

Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1087565

Mailing List https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html

Mailing List https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html

Third Party Advisory https://security.gentoo.org/glsa/201903-04

Third Party Advisory https://security.gentoo.org/glsa/201904-07

Third Party Advisory https://usn.ubuntu.com/3874-1/

Third Party Advisory https://usn.ubuntu.com/3897-1/

Third Party Advisory https://www.debian.org/security/2019/dsa-4376

Third Party Advisory https://www.debian.org/security/2019/dsa-4392

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-01/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-02/

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2019-03/

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html

Third Party Advisory http://www.securityfocus.com/bid/106781

and 16 more references

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 6/34 · Minimal

Exposure 19/34 · Moderate