ArchLinux: 201608-2: firefox: multiple issues
Summary
- CVE-2016-0718 (arbitrary code execution)
Out-of-bounds read during XML parsing in Expat library.
- CVE-2016-2830 (information disclosure)
Favicon network connection can persist when page is closed.
- CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
- CVE-2016-2837 (arbitrary code execution)
Buffer overflow in ClearKey Content Decryption Module (CDM) during video
playback
- CVE-2016-2838 (arbitrary code execution)
Buffer overflow rendering SVG with bidirectional content.
- CVE-2016-5250 (information disclosure)
Information disclosure through Resource Timing API during page
navigation.
- CVE-2016-5251 (URL spoofing)
Location bar spoofing via data URLs with malformed/invalid mediatypes.
- CVE-2016-5252 (arbitrary code execution)
Stack underflow during 2D graphics rendering.
- CVE-2016-5254 (arbitrary code execution)
Use-after-free when using alt key and toplevel menus.
- CVE-2016-5255 (arbitrary code execution)
Crash in incremental garbage collection in JavaScript.
- CVE-2016-5258 (arbitrary code execution)
Use-after-free in DTLS during WebRTC session shutdown.
- CVE-2016-5259 (arbitrary code execution)
Use-after-free in service workers with nested sync events.
- CVE-2016-5260 (information disclosure)
Form input type change from password to text can store plain text
password in session restore file.
- CVE-2016-5261 (arbitrary code execution)
Integer overflow in WebSockets during data buffering.
- CVE-2016-5262 (cross-site scripting)
Scripts on marquee tag can execute in sandboxed iframes.
- CVE-2016-5263 (type confusion)
Type confusion in display transformation
- CVE-2016-5264 (use after free)
Use-after-free when applying SVG effects.
- CVE-2016-5265 (same-origin policy bypass)
Same-origin policy violation using local HTML file and saved shortcut
file.
- CVE-2016-5266 (information disclosure)
Information disclosure and local file manipulation through drag and
drop.
- CVE-2016-5268 (spoofing)
Spoofing attack through text injection into internal error pages.
Resolution
Upgrade to 48.0-1.
# pacman -Syu "firefox>=48.0-1"
The problems have been fixed upstream in version 48.0.
References
https://access.redhat.com/security/cve/CVE-2016-0718 https://access.redhat.com/security/cve/CVE-2016-2830 https://access.redhat.com/security/cve/CVE-2016-2835 https://access.redhat.com/security/cve/CVE-2016-2836 https://access.redhat.com/security/cve/CVE-2016-2837 https://access.redhat.com/security/cve/CVE-2016-2838 https://access.redhat.com/security/cve/CVE-2016-5250 https://access.redhat.com/security/cve/CVE-2016-5251 https://access.redhat.com/security/cve/CVE-2016-5252 https://access.redhat.com/security/cve/CVE-2016-5254 https://access.redhat.com/security/cve/CVE-2016-5255 https://access.redhat.com/security/cve/CVE-2016-5258 https://access.redhat.com/security/cve/CVE-2016-5259 https://access.redhat.com/security/cve/CVE-2016-5260 https://access.redhat.com/security/cve/CVE-2016-5261 https://access.redhat.com/security/cve/CVE-2016-5262 https://access.redhat.com/security/cve/CVE-2016-5263 https://access.redhat.com/security/cve/CVE-2016-5264 https://access.redhat.com/security/cve/CVE-2016-5265 https://access.redhat.com/security/cve/CVE-2016-5266 https://access.redhat.com/security/cve/CVE-2016-5268 https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48
Workaround
None.