Home / mailings [USN-2550-1] Firefox vulnerabilities
Posted on 01 April 2015
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2550-1
April 01, 2015
firefox vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)
Bobby Holley discovered that windows created to hold privileged UI conten=
t
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)
Several type confusion issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=
Firefox. (CVE-2015-0803, CVE-2015-0804)
Abhishek Arya discovered memory corruption issues during 2D graphics
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of=
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)
Christoph Kerschbaumer discovered that CORS requests from
navigator.sendBeacon() followed 30x redirections after preflight. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site request forgery
(XSRF) attacks. (CVE-2015-0807)
Mitchell Harper discovered an issue with memory management of simple-type=
arrays in WebRTC. An attacker could potentially exploit this to cause
undefined behaviour. (CVE-2015-0808)
Felix Gr=F6bert discovered an out-of-bounds read in the QCMS colour
management library. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0811)
Armin Razmdjou discovered that lightweight themes could be installed
in Firefox without a user approval message, from Mozilla subdomains
over HTTP without SSL. A remote attacker could potentially exploit this b=
y
conducting a Man-In-The-Middle (MITM) attack to install themes without
user approval. (CVE-2015-0812)
Aki Helin discovered a use-after-free when playing MP3 audio files using
the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were=
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=
Firefox. (CVE-2015-0813)
Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell
Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovere=
d
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploi=
t
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-0814, CVE-2015-0815)
Mariusz Mlynski discovered that documents loaded via resource: URLs (such=
as PDF.js) could load privileged chrome pages. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this in combination with another flaw, in order to execute
arbitrary script in a privileged context. (CVE-2015-0816)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
firefox 37.0+build2-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
firefox 37.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 37.0+build2-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2550-1
CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804,
CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808,
CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814,
CVE-2015-0815, CVE-2015-0816
Package Information:
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.10=
=2E1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.04=
=2E1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.12.04=
=2E1