Home / mailings [USN-2785-1] Firefox vulnerabilities
Posted on 05 November 2015
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2785-1
November 04, 2015
firefox vulnerabilities
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky=
,
Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong,
Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to=
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-4513,
CVE-2015-4514)
Tim Brown discovered that Firefox discloses the hostname during NTLM
authentication in some circumstances. If a user were tricked in to
opening a specially crafted website with NTLM v1 enabled, an attacker
could exploit this to obtain sensitive information. (CVE-2015-4515)
Mario Heiderich and Frederik Braun discovered that CSP could be bypassed
in reader mode in some circumstances. If a user were tricked in to openin=
g
a specially crafted website, an attacker could potentially exploit this t=
o
conduct cross-site scripting (XSS) attacks. (CVE-2015-4518)
Tyson Smith and David Keeler discovered a use-after-poison and buffer
overflow in NSS. If a user were tricked in to opening a specially crafted=
website, an attacker could potentially exploit these to cause a denial of=
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-7181, CVE-2015-7182)
Ryan Sleevi discovered an integer overflow in NSPR. If a user were tricke=
d
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-7183)
Jason Hamilton, Peter Arremann and Sylvain Giroux discovered that panels
created via the Addon SDK with { script: false } could still execute
inline script. If a user installed an addon that relied on this as a
security mechanism, an attacker could potentially exploit this to conduct=
cross-site scripting (XSS) attacks, depending on the source of the panel
content. (CVE-2015-7187)
Micha=C5=82 Bentkowski discovered that adding white-space to hostnames th=
at are
IP address can bypass same-origin protections. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2015-7188)
Looben Yang discovered a buffer overflow during script interactions with
the canvas element in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploi=
t
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-7189)
Shinto K Anto discovered that CORS preflight is bypassed when receiving
non-standard Content-Type headers in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-7193)
Gustavo Grieco discovered a buffer overflow in libjar in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-7194)
Frans Ros=C3=A9n discovered that certain escaped characters in the Locati=
on
header are parsed incorrectly, resulting in a navigation to the previousl=
y
parsed version of a URL. If a user were tricked in to opening a specially=
crafted website, an attacker could potentially exploit this to obtain sit=
e
specific tokens. (CVE-2015-7195)
Vytautas Staraitis discovered a garbage collection crash when interacting=
with Java applets in some circumstances. If a user were tricked in to
opening a specially crafted website with the Java plugin installed, an
attacker could potentially exploit this to execute arbitrary code with th=
e
privileges of the user invoking Firefox. (CVE-2015-7196)
Ehsan Akhgari discovered a mechanism for a web worker to bypass secure
requirements for web sockets. If a user were tricked in to opening a
specially crafted website, an attacker could exploit this to bypass the
mixed content web socket policy. (CVE-2015-7197)
Ronald Crane discovered several vulnerabilities through code-inspection. =
If
a user were tricked in to opening a specially crafted website, an attacke=
r
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.10:
firefox 42.0+build2-0ubuntu0.15.10.1
Ubuntu 15.04:
firefox 42.0+build2-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
firefox 42.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 42.0+build2-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2785-1
CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518,
CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7187,
CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194,
CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198,
CVE-2015-7199, CVE-2015-7200
Package Information:
https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.15.10=
=2E1
https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.15.04=
=2E1
https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.14.04=
=2E1
https://launchpad.net/ubuntu/+source/firefox/42.0+build2-0ubuntu0.12.04=
=2E1
