
[USN-3175-2] Firefox regression

Posted on 07 February 2017
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-3175-2
February 06, 2017

firefox regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-3175-1 introduced a regression in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple memory safety issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)

Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5376)

Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5377)

Jann Horn discovered that an object's address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5378)

A use-after-free was discovered in Web Animations in some circumstances.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5379)

A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5380)

Jann Horn discovered that the "export" function in the Certificate Viewer
can force local filesystem navigation when the Common Name contains
slashes. If a user were tricked into exporting a specially crafted
certificate, an attacker could potentially exploit this to save content
with arbitrary filenames in unsafe locations. (CVE-2017-5381)

Jerri Rice discovered that the Feed preview for RSS feeds can be used to
capture errors and exceptions generated by privileged content. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5382)

Armin Razmjou discovered that certain Unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof the
URL bar contents. (CVE-2017-5383)

Paul Stone and Alex Chapman discovered that the full URL path is exposed
to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
user has enabled Web Proxy Auto Detect (WPAD), an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5384)

Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5385)

Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked into
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)

Mustafa Hasan discovered that the existence of local files can be
determined using the <track> element. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5387)

Cullen Jennings discovered that WebRTC can be used to generate large
amounts of UDP traffic. An attacker could potentially exploit this to
conduct Distributed Denial-of-Service (DDoS) attacks. (CVE-2017-5388)

Kris Maglione discovered that WebExtensions can use the mozAddonManager
API by modifying the CSP headers on sites with the appropriate permissions
and then using host requests to redirect script loads to a malicious site.
If a user were tricked into installing a specially crafted addon, an
attacker could potentially exploit this to install additional addons
without user permission. (CVE-2017-5389)

Jerri Rice discovered insecure communication methods in the Dev Tools JSON
Viewer. An attacker could potentially exploit this to gain additional
privileges. (CVE-2017-5390)

Jerri Rice discovered that about: pages used by content can load
privileged about: pages in iframes. An attacker could potentially exploit
this to gain additional privileges, in combination with a
content-injection bug in one of those about: pages. (CVE-2017-5391)

Stuart Colville discovered that mozAddonManager allows for the
installation of extensions from the CDN for addons.mozilla.org, a publicly
accessible site. If a user were tricked into installing a specially
crafted addon, an attacker could potentially exploit this, in combination
with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to
install additional addons. (CVE-2017-5393)

Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5396)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
firefox 51.0.1+build2-0ubuntu0.16.10.2

Ubuntu 16.04 LTS:
firefox 51.0.1+build2-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
firefox 51.0.1+build2-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
firefox 51.0.1+build2-0ubuntu0.12.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3175-2
http://www.ubuntu.com/usn/usn-3175-1
https://launchpad.net/bugs/1659922

Package Information:
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.10.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.14.04.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.12.04.2


