Category Archives: Advisories

USN-5726-1: Firefox vulnerabilities

Read Time:1 Minute, 15 Second

Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)

Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attacker could potentially exploit these to cause a denial of service.
(CVE-2022-45412)

Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did not
properly sanitize the HTML download file extension under certain circumstances.
If a user were tricked into downloading and executing malicious content, a
remote attacker could execute arbitrary code with the privileges of the user
invoking the programs. (CVE-2022-45415)

Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefox
incorrectly handled keyboard events. An attacker could possibly use this
issue to perform a timing side-channel attack and possibly figure out which
keys are being pressed. (CVE-2022-45416)

Kagami discovered that Firefox did not detect Private Browsing Mode correctly.
An attacker could possibly use this issue to obtain sensitive information about
Private Browsing Mode.
(CVE-2022-45417)

Read More

LSN-0090-1: Kernel Live Patch Security Notice

Read Time:1 Minute, 20 Second

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute
arbitrary code. (CVE-2022-1015)

David Bouman and Billy Jheng Bing Jhong discovered that a race condition
existed in the io_uring subsystem in the Linux kernel, leading to a use-
after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-2602)

Sönke Huster discovered that an integer overflow vulnerability existed
in the WiFi driver stack in the Linux kernel, leading to a buffer
overflow. A physically proximate attacker could use this to cause an
denial of service (system crash) or possibly execute arbitrary code.(CVE-2022-41674)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2022-42722)

Read More

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Read Time:44 Second

Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Path Traversal Vulnerability (CVE-2022-0902) in ABB Flow Computer and Remote Controllers

Read Time:1 Minute, 57 Second

FortiGuard Labs is aware a path-traversal vulnerability (CVE-2022-0902) that affects ABB Totalflow flow computers and remote controllers widely used by oil and gas utility companies. Successfully exploiting the vulnerability allows an attacker to inject and execute arbitrary code. The vulnerability is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers.Why is this Significant?This is significant because the new vulnerability (CVE-2022-0902) affects ABB TotalFlow flow computers and remote controllers widely used by oil and gas utility companies. ABB TotalFlow is used to calculate oil and gas volume and flow rates and is also used for billing and other purposes.By successfully exploiting the vulnerability, an attacker may be able to hinder affected oil and gas companies’ abilities to correctly measure oil and gas flow, which may lead to safety issues and interruption of business.What is CVE-2022-0902?CVE-2022-0902 is a path-traversal vulnerability (CVE-2022-0902) in ABB TotalFlow flow computers and remote controllers. The vulnerability allows an attacker to gain access to restricted directories in ABB flow computers leading to arbitrary code execution in an affected system node.CVE-2022-0902 has a CVSS score of 8.1.What Products are Affected by the Vulnerability?According to the advisory issued by ABB, the following products are affected by the vulnerability:• RMC-100• RMC100L ITE• XIO• XFCG5• XRCG5• uFLOG5• UDCAll versions of the products without the latest update are vulnerable to CVE-2022-0902.Is CVE-2022-0902 being Exploited in the Wild?FortiGuard Labs is not aware that CVE-2022-0902 is exploited in the wild.Has the Vendor Released an Advisory?Yes. Please see the Appendix for a link to “ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access CVE ID: CVE-2022-0902”.Has the Vendor Released a Patch?Yes, the vendor released a firmware update.What is the Status of Protection?FortiGuard Labs is currently investigating protection for CVE-2022-0902. We will update this Threat Signal when protection becomes available.Any Suggested Mitigation?The advisory issued by ABB includes mitigation and workarounds information. See the Appendix for a link to “ABB Flow Computer and Remote Controllers Path Traversal Vulnerability in Totalflow TCP protocol can lead to root access CVE ID: CVE-2022-0902”.

Read More