[USN-3175-1] Firefox vulnerabilities

Posted on 27 January 2017
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-3175-1
January 27, 2017

firefox vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple memory safety issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)

Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5376)

Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5377)

Jann Horn discovered that an object's address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5378)

A use-after-free was discovered in Web Animations in some circumstances.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5379)

A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5380)

Jann Horn discovered that the "export" function in the Certificate Viewer
can force local filesystem navigation when the Common Name contains
slashes. If a user were tricked into exporting a specially crafted
certificate, an attacker could potentially exploit this to save content
with arbitrary filenames in unsafe locations. (CVE-2017-5381)

Jerri Rice discovered that the Feed preview for RSS feeds can be used to
capture errors and exceptions generated by privileged content. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5382)

Armin Razmjou discovered that certain Unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof the
URL bar contents. (CVE-2017-5383)

Paul Stone and Alex Chapman discovered that the full URL path is exposed
to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
user has enabled Web Proxy Auto Detect (WPAD), an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5384)

Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5385)

Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked into
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)

Mustafa Hasan discovered that the existence of local files can be
determined using the <track> element. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5387)

Cullen Jennings discovered that WebRTC can be used to generate large
amounts of UDP traffic. An attacker could potentially exploit this to
conduct Distributed Denial-of-Service (DDoS) attacks. (CVE-2017-5388)

Kris Maglione discovered that WebExtensions can use the mozAddonManager
API by modifying the CSP headers on sites with the appropriate permissions
and then using host requests to redirect script loads to a malicious site.
If a user were tricked into installing a specially crafted addon, an
attacker could potentially exploit this to install additional addons
without user permission. (CVE-2017-5389)

Jerri Rice discovered insecure communication methods in the Dev Tools JSON
Viewer. An attacker could potentially exploit this to gain additional
privileges. (CVE-2017-5390)

Jerri Rice discovered that about: pages used by content can load
privileged about: pages in iframes. An attacker could potentially exploit
this to gain additional privileges, in combination with a
content-injection bug in one of those about: pages. (CVE-2017-5391)

Stuart Colville discovered that mozAddonManager allows for the
installation of extensions from the CDN for addons.mozilla.org, a publicly
accessible site. If a user were tricked into installing a specially
crafted addon, an attacker could potentially exploit this, in combination
with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to
install additional addons. (CVE-2017-5393)

Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5396)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
firefox 51.0.1+build2-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
firefox 51.0.1+build2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
firefox 51.0.1+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 51.0.1+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3175-1
CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376,
CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380,
CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384,
CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388,
CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5393,
CVE-2017-5396

Package Information:
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.12.04.1


