Arch Linux Security Advisory ASA-201608-2
========================================
Severity: Critical
Date    : 2016-08-05
CVE-ID  : CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836
	  CVE-2016-2837 CVE-2016-2838 CVE-2016-5250 CVE-2016-5251
	  CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258
	  CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262
	  CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266
	  CVE-2016-5268
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package firefox before version 48.0-1 is vulnerable to multiple
issues.

Resolution
=========
Upgrade to 48.0-1.

# pacman -Syu "firefox>=48.0-1"

The problems have been fixed upstream in version 48.0.
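The check a practitioner wants after running the upgrade is whether the
installed package version is at or past 48.0-1 under pacman's own version
ordering (epoch first, then pkgver, then pkgrel, with segments split on
separators and numeric segments ranking above alphabetic ones, so a beta
such as 48.0b3 sorts below 48.0). The script below is an added example and
is not part of this advisory or of pacman: it is a Python port of that
ordering, plus a parser for the "name version" line that `pacman -Q firefox`
prints. On a real Arch host the equivalent one-liner is
`vercmp "$(pacman -Q firefox | cut -d' ' -f2)" 48.0-1`; the port exists so
the check runs offline. The `pacman -Q` call is only attempted when pacman
is present; otherwise a constructed sample line is used. The function names
and the sample line are assumptions of this example.

```python
"""Added example: check an Arch package version against a fixed version.

Port of pacman's version ordering (libalpm, rpmvercmp-derived), not pacman's
own code. Names (vercmp, is_vulnerable, check_query_line) are this example's.
"""
import shutil
import subprocess

PACKAGE = "firefox"
FIXED_VERSION = "48.0-1"  # fixed version stated in the advisory


def _rpmvercmp(a: str, b: str) -> int:
    """Compare two epoch/pkgver/pkgrel strings segment by segment: -1, 0 or 1."""
    if a == b:
        return 0
    i = j = pi = pj = 0
    while i < len(a) and j < len(b):
        # skip separator runs (any non-alphanumeric characters)
        while i < len(a) and not a[i].isalnum():
            i += 1
        while j < len(b) and not b[j].isalnum():
            j += 1
        if not (i < len(a) and j < len(b)):
            break
        # different separator run lengths decide the comparison outright
        if (i - pi) != (j - pj):
            return -1 if (i - pi) < (j - pj) else 1
        pi, pj = i, j
        # grab a purely numeric or purely alphabetic segment from each side
        isnum = a[i].isdigit()
        if isnum:
            while i < len(a) and a[i].isdigit():
                i += 1
            while j < len(b) and b[j].isdigit():
                j += 1
        else:
            while i < len(a) and a[i].isalpha():
                i += 1
            while j < len(b) and b[j].isalpha():
                j += 1
        seg_a, seg_b = a[pi:i], b[pj:j]
        if not seg_b:
            # segment classes differ: a numeric segment is newer than an alpha one
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # more digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        pi, pj = i, j
    rest_a, rest_b = a[i:], b[j:]
    if not rest_a and not rest_b:
        return 0
    # a leftover alpha tail (e.g. "b3" in 48.0b3) never beats an empty tail
    if (not rest_a and not rest_b[:1].isalpha()) or rest_a[:1].isalpha():
        return -1
    return 1


def _parse_evr(evr: str):
    """Split '[epoch:]pkgver[-pkgrel]'; a missing epoch counts as 0."""
    i = 0
    while i < len(evr) and evr[i].isdigit():
        i += 1
    if i < len(evr) and evr[i] == ":":
        epoch, rest = evr[:i] or "0", evr[i + 1:]
    else:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    return (epoch, version, release) if sep else (epoch, rest, None)


def vercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 with the same ordering as pacman's vercmp(8)."""
    ea, va, ra = _parse_evr(a)
    eb, vb, rb = _parse_evr(b)
    ret = _rpmvercmp(ea, eb)
    if ret == 0:
        ret = _rpmvercmp(va, vb)
        if ret == 0 and ra is not None and rb is not None:
            ret = _rpmvercmp(ra, rb)
    return ret


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version sorts strictly below the fixed one."""
    return vercmp(installed, fixed) < 0


def check_query_line(line: str, package: str = PACKAGE, fixed: str = FIXED_VERSION):
    """Parse one 'name version' line as printed by `pacman -Q <name>`."""
    name, _, version = line.strip().partition(" ")
    if name != package or not version:
        raise ValueError(f"unexpected pacman -Q output: {line!r}")
    return version, is_vulnerable(version, fixed)


if __name__ == "__main__":
    if shutil.which("pacman"):
        proc = subprocess.run(["pacman", "-Q", PACKAGE], capture_output=True, text=True)
        if proc.returncode != 0:
            raise SystemExit(f"{PACKAGE} is not installed: {proc.stderr.strip()}")
        line = proc.stdout
    else:
        line = "firefox 47.0.1-1\n"  # constructed sample line, not output from a real host
    version, vulnerable = check_query_line(line)
    state = 'VULNERABLE, run: pacman -Syu "firefox>=48.0-1"' if vulnerable else "fixed"
    print(f"{PACKAGE} {version}: {state} (fixed in {FIXED_VERSION})")
```

The port keeps pacman's two non-obvious rules, which are exactly the ones
that matter for this advisory: an epoch bump (for example 1:47.0-1) outranks
any un-epoched version, and an alphabetic suffix such as a beta tag sorts
below the bare release, so 48.0b3-1 is still reported as vulnerable.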

Workaround
=========
None.

Description
==========
- CVE-2016-0718 (arbitrary code execution)

Out-of-bounds read during XML parsing in Expat library.

- CVE-2016-2830 (information disclosure)

Favicon network connection can persist when page is closed.

- CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

- CVE-2016-2837 (arbitrary code execution)

Buffer overflow in ClearKey Content Decryption Module (CDM) during video
playback.

- CVE-2016-2838 (arbitrary code execution)

Buffer overflow rendering SVG with bidirectional content.

- CVE-2016-5250 (information disclosure)

Information disclosure through Resource Timing API during page
navigation.

- CVE-2016-5251 (URL spoofing)

Location bar spoofing via data URLs with malformed/invalid mediatypes.

- CVE-2016-5252 (arbitrary code execution)

Stack underflow during 2D graphics rendering.

- CVE-2016-5254 (arbitrary code execution)

Use-after-free when using alt key and toplevel menus.

- CVE-2016-5255 (arbitrary code execution)

Crash in incremental garbage collection in JavaScript.

- CVE-2016-5258 (arbitrary code execution)

Use-after-free in DTLS during WebRTC session shutdown.

- CVE-2016-5259 (arbitrary code execution)

Use-after-free in service workers with nested sync events.

- CVE-2016-5260 (information disclosure)

Form input type change from password to text can store plain text
password in session restore file.

- CVE-2016-5261 (arbitrary code execution)

Integer overflow in WebSockets during data buffering.

- CVE-2016-5262 (cross-site scripting)

Scripts on marquee tag can execute in sandboxed iframes.

- CVE-2016-5263 (type confusion)

Type confusion in display transformation.

- CVE-2016-5264 (use after free)

Use-after-free when applying SVG effects.

- CVE-2016-5265 (same-origin policy bypass)

Same-origin policy violation using local HTML file and saved shortcut
file.

- CVE-2016-5266 (information disclosure)

Information disclosure and local file manipulation through drag and
drop.

- CVE-2016-5268 (spoofing)

Spoofing attack through text injection into internal error pages.

Impact
=====
A remote attacker can access sensitive information, spoof the location bar
or internal error pages, bypass the same-origin policy or iframe sandbox,
or execute arbitrary code on the affected host.

References
=========
https://access.redhat.com/security/cve/CVE-2016-0718
https://access.redhat.com/security/cve/CVE-2016-2830
https://access.redhat.com/security/cve/CVE-2016-2835
https://access.redhat.com/security/cve/CVE-2016-2836
https://access.redhat.com/security/cve/CVE-2016-2837
https://access.redhat.com/security/cve/CVE-2016-2838
https://access.redhat.com/security/cve/CVE-2016-5250
https://access.redhat.com/security/cve/CVE-2016-5251
https://access.redhat.com/security/cve/CVE-2016-5252
https://access.redhat.com/security/cve/CVE-2016-5254
https://access.redhat.com/security/cve/CVE-2016-5255
https://access.redhat.com/security/cve/CVE-2016-5258
https://access.redhat.com/security/cve/CVE-2016-5259
https://access.redhat.com/security/cve/CVE-2016-5260
https://access.redhat.com/security/cve/CVE-2016-5261
https://access.redhat.com/security/cve/CVE-2016-5262
https://access.redhat.com/security/cve/CVE-2016-5263
https://access.redhat.com/security/cve/CVE-2016-5264
https://access.redhat.com/security/cve/CVE-2016-5265
https://access.redhat.com/security/cve/CVE-2016-5266
https://access.redhat.com/security/cve/CVE-2016-5268
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48
