Ubuntu 2785-1: Firefox vulnerabilities

    Date04 Nov 2015
    CategoryUbuntu
    55
    Posted ByLinuxSecurity Advisories
    Firefox could be made to crash or run programs as your login if it opened a malicious website.
    ==========================================================================
    Ubuntu Security Notice USN-2785-1
    November 04, 2015
    
    firefox vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 15.10
    - Ubuntu 15.04
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    
    Summary:
    
    Firefox could be made to crash or run programs as your login if it
    opened a malicious website.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky,
    Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong,
    Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple
    memory safety issues in Firefox. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit these to
    cause a denial of service via application crash, or execute arbitrary
    code with the privileges of the user invoking Firefox. (CVE-2015-4513,
    CVE-2015-4514)
    
    Tim Brown discovered that Firefox discloses the hostname during NTLM
    authentication in some circumstances. If a user were tricked in to
    opening a specially crafted website with NTLM v1 enabled, an attacker
    could exploit this to obtain sensitive information. (CVE-2015-4515)
    
    Mario Heiderich and Frederik Braun discovered that CSP could be bypassed
    in reader mode in some circumstances. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially exploit this to
    conduct cross-site scripting (XSS) attacks. (CVE-2015-4518)
    
    Tyson Smith and David Keeler discovered a use-after-poison and buffer
    overflow in NSS. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit these to cause a denial of
    service via application crash, or execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2015-7181, CVE-2015-7182)
    
    Ryan Sleevi discovered an integer overflow in NSPR. If a user were tricked
    in to opening a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code with the privileges of the user invoking Firefox.
    (CVE-2015-7183)
    
    Jason Hamilton, Peter Arremann and Sylvain Giroux discovered that panels
    created via the Addon SDK with { script: false } could still execute
    inline script. If a user installed an addon that relied on this as a
    security mechanism, an attacker could potentially exploit this to conduct
    cross-site scripting (XSS) attacks, depending on the source of the panel
    content. (CVE-2015-7187)
    
    Michał Bentkowski discovered that adding white-space to hostnames that are
    IP address can bypass same-origin protections. If a user were tricked in
    to opening a specially crafted website, an attacker could potentially
    exploit this to conduct cross-site scripting (XSS) attacks.
    (CVE-2015-7188)
    
    Looben Yang discovered a buffer overflow during script interactions with
    the canvas element in some circumstances. If a user were tricked in to
    opening a specially crafted website, an attacker could potentially exploit
    this to cause a denial of service via application crash, or execute
    arbitrary code with the privileges of the user invoking Firefox.
    (CVE-2015-7189)
    
    Shinto K Anto discovered that CORS preflight is bypassed when receiving
    non-standard Content-Type headers in some circumstances. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit this to bypass same-origin restrictions.
    (CVE-2015-7193)
    
    Gustavo Grieco discovered a buffer overflow in libjar in some
    circumstances. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial of
    service via application crash, or execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2015-7194)
    
    Frans Rosén discovered that certain escaped characters in the Location
    header are parsed incorrectly, resulting in a navigation to the previously
    parsed version of a URL. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to obtain site
    specific tokens. (CVE-2015-7195)
    
    Vytautas Staraitis discovered a garbage collection crash when interacting
    with Java applets in some circumstances. If a user were tricked in to
    opening a specially crafted website with the Java plugin installed, an
    attacker could potentially exploit this to execute arbitrary code with the
    privileges of the user invoking Firefox. (CVE-2015-7196)
    
    Ehsan Akhgari discovered a mechanism for a web worker to bypass secure
    requirements for web sockets. If a user were tricked in to opening a
    specially crafted website, an attacker could exploit this to bypass the
    mixed content web socket policy. (CVE-2015-7197)
    
    Ronald Crane discovered several vulnerabilities through code-inspection. If
    a user were tricked in to opening a specially crafted website, an attacker
    could potentially exploit these to cause a denial of service via
    application crash, or execute arbitrary code with the privileges of the
    user invoking Firefox. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 15.10:
      firefox                         42.0+build2-0ubuntu0.15.10.1
    
    Ubuntu 15.04:
      firefox                         42.0+build2-0ubuntu0.15.04.1
    
    Ubuntu 14.04 LTS:
      firefox                         42.0+build2-0ubuntu0.14.04.1
    
    Ubuntu 12.04 LTS:
      firefox                         42.0+build2-0ubuntu0.12.04.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-2785-1
      CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518,
      CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7187,
      CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194,
      CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198,
      CVE-2015-7199, CVE-2015-7200
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.15.10.1
      https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.15.04.1
      https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.14.04.1
      https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.12.04.1
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.