Home / mailingsPDF  

[USN-2550-1] Firefox vulnerabilities

Posted on 01 April 2015
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2550-1
April 01, 2015

firefox vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)

Bobby Holley discovered that windows created to hold privileged UI conten=
t
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)

Several type confusion issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=

Firefox. (CVE-2015-0803, CVE-2015-0804)

Abhishek Arya discovered memory corruption issues during 2D graphics
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of=

service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)

Christoph Kerschbaumer discovered that CORS requests from
navigator.sendBeacon() followed 30x redirections after preflight. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site request forgery
(XSRF) attacks. (CVE-2015-0807)

Mitchell Harper discovered an issue with memory management of simple-type=

arrays in WebRTC. An attacker could potentially exploit this to cause
undefined behaviour. (CVE-2015-0808)

Felix Gr=F6bert discovered an out-of-bounds read in the QCMS colour
management library. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0811)

Armin Razmdjou discovered that lightweight themes could be installed
in Firefox without a user approval message, from Mozilla subdomains
over HTTP without SSL. A remote attacker could potentially exploit this b=
y
conducting a Man-In-The-Middle (MITM) attack to install themes without
user approval. (CVE-2015-0812)

Aki Helin discovered a use-after-free when playing MP3 audio files using
the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were=

tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=

Firefox. (CVE-2015-0813)

Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell
Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovere=
d
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploi=
t
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-0814, CVE-2015-0815)

Mariusz Mlynski discovered that documents loaded via resource: URLs (such=

as PDF.js) could load privileged chrome pages. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this in combination with another flaw, in order to execute
arbitrary script in a privileged context. (CVE-2015-0816)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
firefox 37.0+build2-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
firefox 37.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 37.0+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2550-1
CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804,
CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808,
CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814,
CVE-2015-0815, CVE-2015-0816

Package Information:
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.10=
=2E1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.04=
=2E1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.12.04=
=2E1

 

TOP

Mailings :

Exploits :