Ubuntu 3175-2: Firefox regression

    Date: 06 Feb 2017
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    USN-3175-1 introduced a regression in Firefox.
    ==========================================================================
    Ubuntu Security Notice USN-3175-2
    February 06, 2017
    
    firefox regression
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 16.10
    - Ubuntu 16.04 LTS
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    
    Summary:
    
    USN-3175-1 introduced a regression in Firefox.
    
    Software Description:
    - firefox: Mozilla Open Source web browser
    
    Details:
    
    USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
    regression on systems where the AppArmor profile for Firefox is set to
    enforce mode. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Original advisory details:
    
     Multiple memory safety issues were discovered in Firefox. If a user were
     tricked into opening a specially crafted website, an attacker could
     potentially exploit these to cause a denial of service via application
     crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
     
     JIT code allocation can allow a bypass of ASLR protections in some
     circumstances. If a user were tricked into opening a specially crafted
     website, an attacker could potentially exploit this to cause a denial of
     service via application crash, or execute arbitrary code. (CVE-2017-5375)
     
     Nicolas Grégoire discovered a use-after-free when manipulating XSL in
     XSLT documents in some circumstances. If a user were tricked into opening
     a specially crafted website, an attacker could potentially exploit this to
     cause a denial of service via application crash, or execute arbitrary
     code. (CVE-2017-5376)
     
     Atte Kettunen discovered a memory corruption issue in Skia in some
     circumstances. If a user were tricked into opening a specially crafted
     website, an attacker could potentially exploit this to cause a denial of
     service via application crash, or execute arbitrary code. (CVE-2017-5377)
     
     Jann Horn discovered that an object's address could be discovered through
     hashed codes of JavaScript objects shared between pages. If a user were
     tricked into opening a specially crafted website, an attacker could
     potentially exploit this to obtain sensitive information. (CVE-2017-5378)
     
     A use-after-free was discovered in Web Animations in some circumstances.
     If a user were tricked into opening a specially crafted website, an
     attacker could potentially exploit this to cause a denial of service via
     application crash, or execute arbitrary code. (CVE-2017-5379)
     
     A use-after-free was discovered during DOM manipulation of SVG content in
     some circumstances. If a user were tricked into opening a specially
     crafted website, an attacker could potentially exploit this to cause a
     denial of service via application crash, or execute arbitrary code.
     (CVE-2017-5380)
     
     Jann Horn discovered that the "export" function in the Certificate Viewer
     can force local filesystem navigation when the Common Name contains
     slashes. If a user were tricked into exporting a specially crafted
     certificate, an attacker could potentially exploit this to save content
     with arbitrary filenames in unsafe locations. (CVE-2017-5381)
     
     Jerri Rice discovered that the Feed preview for RSS feeds can be used to
     capture errors and exceptions generated by privileged content. An attacker
     could potentially exploit this to obtain sensitive information.
     (CVE-2017-5382)
     
     Armin Razmjou discovered that certain Unicode glyphs do not trigger
     punycode display. An attacker could potentially exploit this to spoof the
     URL bar contents. (CVE-2017-5383)
     
     Paul Stone and Alex Chapman discovered that the full URL path is exposed
     to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
     user has enabled Web Proxy Auto Detect (WPAD), an attacker could
     potentially exploit this to obtain sensitive information. (CVE-2017-5384)
     
     Muneaki Nishimura discovered that data sent in multipart channels will
     ignore the Referrer-Policy response headers. An attacker could potentially
     exploit this to obtain sensitive information. (CVE-2017-5385)
     
     Muneaki Nishimura discovered that WebExtensions can affect other
     extensions using the data: protocol. If a user were tricked into
     installing a specially crafted addon, an attacker could potentially
     exploit this to obtain sensitive information or gain additional
     privileges. (CVE-2017-5386)
     
     Mustafa Hasan discovered that the existence of local files can be
     determined using the  element. An attacker could potentially
     exploit this to obtain sensitive information. (CVE-2017-5387)
     
     Cullen Jennings discovered that WebRTC can be used to generate large
     amounts of UDP traffic. An attacker could potentially exploit this to
     conduct Distributed Denial-of-Service (DDoS) attacks. (CVE-2017-5388)
     
     Kris Maglione discovered that WebExtensions can use the mozAddonManager
     API by modifying the CSP headers on sites with the appropriate permissions
     and then using host requests to redirect script loads to a malicious site.
     If a user were tricked into installing a specially crafted addon, an
     attacker could potentially exploit this to install additional addons
     without user permission. (CVE-2017-5389)
     
     Jerri Rice discovered insecure communication methods in the Dev Tools JSON
     Viewer. An attacker could potentially exploit this to gain additional
     privileges. (CVE-2017-5390)
     
     Jerri Rice discovered that about: pages used by content can load
     privileged about: pages in iframes. An attacker could potentially exploit
     this to gain additional privileges, in combination with a
     content-injection bug in one of those about: pages. (CVE-2017-5391)
     
     Stuart Colville discovered that mozAddonManager allows for the
     installation of extensions from the CDN for addons.mozilla.org, a publicly
     accessible site. If a user were tricked into installing a specially
     crafted addon, an attacker could potentially exploit this, in combination
     with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to
     install additional addons. (CVE-2017-5393)
     
     Filipe Gomes discovered a use-after-free in the media decoder in some
     circumstances. If a user were tricked into opening a specially crafted
     website, an attacker could potentially exploit this to cause a denial of
     service via application crash, or execute arbitrary code. (CVE-2017-5396)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 16.10:
      firefox                         51.0.1+build2-0ubuntu0.16.10.2
    
    Ubuntu 16.04 LTS:
      firefox                         51.0.1+build2-0ubuntu0.16.04.2
    
    Ubuntu 14.04 LTS:
      firefox                         51.0.1+build2-0ubuntu0.14.04.2
    
    Ubuntu 12.04 LTS:
      firefox                         51.0.1+build2-0ubuntu0.12.04.2
    
    After a standard system update you need to restart Firefox to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-3175-2
      http://www.ubuntu.com/usn/usn-3175-1
      https://launchpad.net/bugs/1659922
    
    Package Information:
      https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.10.2
      https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.04.2
      https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.14.04.2
      https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.12.04.2
    
    
    