Ubuntu 3044-1: Firefox vulnerabilities

    Date 05 Aug 2016
    95
    Posted By LinuxSecurity Advisories
    Firefox could be made to crash or run programs as your login if it opened a malicious website.
    ==========================================================================
    Ubuntu Security Notice USN-3044-1
    August 05, 2016
    
    firefox vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    
    Summary:
    
    Firefox could be made to crash or run programs as your login if it
    opened a malicious website.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    Gustavo Grieco discovered an out-of-bounds read during XML parsing in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or obtain sensitive information.
    (CVE-2016-0718)
    
    Toni Huttunen discovered that once a favicon is requested from a site,
    the remote server can keep the network connection open even after the page
    is closed. A remote attacked could potentially exploit this to track
    users, resulting in information disclosure. (CVE-2016-2830)
    
    Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
    Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
    Ringnalda discovered multiple memory safety issues in Firefox. If a user
    were tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to cause a denial of service via application
    crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)
    
    A buffer overflow was discovered in the ClearKey Content Decryption
    Module (CDM) during video playback. If a user were tricked in to opening
    a specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via plugin process crash, or, in combination
    with another vulnerability to escape the GMP sandbox, execute arbitrary
    code. (CVE-2016-2837)
    
    Atte Kettunen discovered a buffer overflow when rendering SVG content in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or execute arbitrary code.
    (CVE-2016-2838)
    
    Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a
    user were tricked in to opening a specially crafted website, an attacker
    could potentially exploit this to execute arbitrary code. (CVE-2016-2839)
    
    Catalin Dumitru discovered that URLs of resources loaded after a
    navigation start could be leaked to the following page via the Resource
    Timing API. An attacker could potentially exploit this to obtain sensitive
    information. (CVE-2016-5250)
    
    Firas Salem discovered an issue with non-ASCII and emoji characters in
    data: URLs. An attacker could potentially exploit this to spoof the
    addressbar contents. (CVE-2016-5251)
    
    Georg Koppen discovered a stack buffer underflow during 2D graphics
    rendering in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5252)
    
    Abhishek Arya discovered a use-after-free when the alt key is used with
    top-level menus. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2016-5254)
    
    Jukka Jylänki discovered a crash during garbage collection. If a user
    were tricked in to opening a specially crafted website, an attacker could
    potentially exploit this to execute arbitrary code. (CVE-2016-5255)
    
    Looben Yang discovered a use-after-free in WebRTC. If a user were tricked
    in to opening a specially crafted website, an attacker could potentially
    exploit this to cause a denial of service via application crash, or
    execute arbitrary code. (CVE-2016-5258)
    
    Looben Yang discovered a use-after-free when working with nested sync
    events in service workers. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5259)
    
    Mike Kaply discovered that plain-text passwords can be stored in session
    restore if an input field type is changed from "password" to "text" during
    a session, leading to information disclosure. (CVE-2016-5260)
    
    Samuel Groß discovered an integer overflow in WebSockets during data
    buffering in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this to
    cause a denial of service via application crash, or execute arbitrary
    code. (CVE-2016-5261)
    
    Nikita Arykov discovered that JavaScript event handlers on a 
    element can execute in a sandboxed iframe without the allow-scripts flag
    set. If a user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to conduct cross-site scripting
    (XSS) attacks. (CVE-2016-5262)
    
    A type confusion bug was discovered in display transformation during
    rendering. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial of
    service via application crash, or execute arbitrary code. (CVE-2016-5263)
    
    A use-after-free was discovered when applying effects to SVG elements in
    some circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to cause a
    denial of service via application crash, or execute arbitrary code.
    (CVE-2016-5264)
    
    Abdulrahman Alqabandi discovered a same-origin policy violation relating
    to local HTML files and saved shortcut files. An attacker could
    potentially exploit this to obtain sensitive information. (CVE-2016-5265)
    
    Rafael Gieschke discovered an information disclosure issue related to
    drag and drop. An attacker could potentially exploit this to obtain
    sensitive information. (CVE-2016-5266)
    
    A text injection issue was discovered with about: URLs. An attacker could
    potentially exploit this to spoof internal error pages. (CVE-2016-5268)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 16.04 LTS:
      firefox                         48.0+build2-0ubuntu0.16.04.1
    
    Ubuntu 14.04 LTS:
      firefox                         48.0+build2-0ubuntu0.14.04.1
    
    Ubuntu 12.04 LTS:
      firefox                         48.0+build2-0ubuntu0.12.04.1
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      https://www.ubuntu.com/usn/usn-3044-1
      CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836,
      CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250,
      CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255,
      CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261,
      CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265,
      CVE-2016-5266, CVE-2016-5268
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04.1
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04.1
      https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04.1
    
    
    	
    
    	
    	
    			
    	
    				
    
    	
    	
    
    	
    
    
    
    	
    
    	
    
    
    
    
    			

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"10","type":"x","order":"1","pct":71.43,"resources":[]},{"id":"121","title":"No ","votes":"4","type":"x","order":"2","pct":28.57,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.