Ubuntu 3044-1: Firefox vulnerabilities

    Date05 Aug 2016
    CategoryUbuntu
    41
    Posted ByLinuxSecurity Advisories
    Firefox could be made to crash or run programs as your login if it opened a malicious website.
    ==========================================================================
    Ubuntu Security Notice USN-3044-1
    August 05, 2016
    
    firefox vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    
    Summary:
    
    Firefox could be made to crash or run programs as your login if it
    opened a malicious website.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    Gustavo Grieco discovered an out-of-bounds read during XML parsing in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or obtain sensitive information.
    (CVE-2016-0718)
    
    Toni Huttunen discovered that once a favicon is requested from a site,
    the remote server can keep the network connection open even after the page
    is closed. A remote attacked could potentially exploit this to track
    users, resulting in information disclosure. (CVE-2016-2830)
    
    Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
    Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
    Ringnalda discovered multiple memory safety issues in Firefox. If a user
    were tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)
    
    A buffer overflow was discovered in the ClearKey Content Decryption
    Module (CDM) during video playback. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via plugin process crash, or, in combination
    with another vulnerability to escape the GMP sandbox, execute arbitrary
    code. (CVE-2016-2837)
    
    Atte Kettunen discovered a buffer overflow when rendering SVG content in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or execute arbitrary code.
    (CVE-2016-2838)
    
    Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a
    user were tricked in to opening a specially crafted website, an attacker
    could potentially exploit this to execute arbitrary code. (CVE-2016-2839)
    
    Catalin Dumitru discovered that URLs of resources loaded after a
    navigation start could be leaked to the following page via the Resource
    Timing API. An attacker could potentially exploit this to obtain sensitive
    information. (CVE-2016-5250)
    
    Firas Salem discovered an issue with non-ASCII and emoji characters in
    data: URLs. An attacker could potentially exploit this to spoof the
    addressbar contents. (CVE-2016-5251)
    
    Georg Koppen discovered a stack buffer underflow during 2D graphics
    rendering in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5252)
    
    Abhishek Arya discovered a use-after-free when the alt key is used with
    top-level menus. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2016-5254)
    
    Jukka Jylänki discovered a crash during garbage collection. If a user
    were tricked in to opening a specially crafted website, an attacker could
    potentially exploit this to execute arbitrary code. (CVE-2016-5255)
    
    Looben Yang discovered a use-after-free in WebRTC. If a user were tricked
    in to opening a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code. (CVE-2016-5258)
    
    Looben Yang discovered a use-after-free when working with nested sync
    events in service workers. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5259)
    
    Mike Kaply discovered that plain-text passwords can be stored in session
    restore if an input field type is changed from "password" to "text" during
    a session, leading to information disclosure. (CVE-2016-5260)
    
    Samuel Groß discovered an integer overflow in WebSockets during data
    buffering in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5261)
    
    Nikita Arykov discovered that JavaScript event handlers on a 
    element can execute in a sandboxed iframe without the allow-scripts flag
    set. If a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to conduct cross-site scripting
    (XSS) attacks. (CVE-2016-5262)
    
    A type confusion bug was discovered in display transformation during
    rendering. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2016-5263)
    
    A use-after-free was discovered when applying effects to SVG elements in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or execute arbitrary code.
    (CVE-2016-5264)
    
    Abdulrahman Alqabandi discovered a same-origin policy violation relating
    to local HTML files and saved shortcut files. An attacker could
    potentially exploit this to obtain sensitive information. (CVE-2016-5265)
    
    Rafael Gieschke discovered an information disclosure issue related to
    drag and drop. An attacker could potentially exploit this to obtain
    sensitive information. (CVE-2016-5266)
    
    A text injection issue was discovered with about: URLs. An attacker could
    potentially exploit this to spoof internal error pages. (CVE-2016-5268)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 16.04 LTS:
      firefox                         48.0+build2-0ubuntu0.16.04.1
    
    Ubuntu 14.04 LTS:
      firefox                         48.0+build2-0ubuntu0.14.04.1
    
    Ubuntu 12.04 LTS:
      firefox                         48.0+build2-0ubuntu0.12.04.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-3044-1
      CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836,
      CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250,
      CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255,
      CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261,
      CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265,
      CVE-2016-5266, CVE-2016-5268
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04.1
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04.1
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04.1
    
    
     
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.