Home / mailings [USN-2505-1] Firefox vulnerabilities
Posted on 25 February 2015
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2505-1
February 25, 2015
firefox vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Matthew Noorenberghe discovered that whitelisted Mozilla domains could
make UITour API calls from background tabs. If one of these domains were
compromised and open in a background tab, an attacker could potentially
exploit this to conduct clickjacking attacks. (CVE-2015-0819)
Jan de Mooij discovered an issue that affects content using the Caja
Compiler. If web content loads specially crafted code, this could be used=
to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)
Armin Razmdjou discovered that opening hyperlinks with specific mouse
and key combinations could allow a Chrome privileged URL to be opened
without context restrictions being preserved. If a user were tricked in t=
o
opening a specially crafted website, an attacker could potentially exploi=
t
this to bypass security restrictions. (CVE-2015-0821)
Armin Razmdjou discovered that contents of locally readable files could
be made available via manipulation of form autocomplete in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to obtain sensitive
information. (CVE-2015-0822)
Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS)=
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash. (CVE-2015-0823)
Atte Kettunen discovered a crash when drawing images using Cairo in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0824)
Atte Kettunen discovered a buffer underflow during playback of MP3 files
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0825)
Atte Kettunen discovered a buffer overflow during CSS restyling in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0826)
Abhishek Arya discovered an out-of-bounds read and write when rendering
SVG content in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to obtain sensitive information. (CVE-2015-0827)
A buffer overflow was discovered in libstagefright during video playback
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-0829)
Daniele Di Proietto discovered that WebGL could cause a crash in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-0830)
Paul Bandha discovered a use-after-free in IndexedDB. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=
Firefox. (CVE-2015-0831)
Muneaki Nishimura discovered that a period appended to a hostname could
bypass key pinning and HSTS in some circumstances. A remote attacker coul=
d
potentially exloit this to conduct a Man-in-the-middle (MITM) attack.
(CVE-2015-0832)
Alexander Kolesnik discovered that Firefox would attempt plaintext
connections to servers when handling turns: and stuns: URIs. A remote
attacker could potentially exploit this by conducting a Man-in-the-middle=
(MITM) attack in order to obtain credentials. (CVE-2015-0834)
=20
Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron=
Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman=
,
Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking=
Firefox. (CVE-2015-0835, CVE-2015-0836)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
firefox 36.0+build2-0ubuntu0.14.10.4
Ubuntu 14.04 LTS:
firefox 36.0+build2-0ubuntu0.14.04.4
Ubuntu 12.04 LTS:
firefox 36.0+build2-0ubuntu0.12.04.5
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2505-1
CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822,
CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826,
CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831,
CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836
Package Information:
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.14.10=
=2E4
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.14.04=
=2E4
https://launchpad.net/ubuntu/+source/firefox/36.0+build2-0ubuntu0.12.04=
=2E5