[USN-1400-1] Firefox vulnerabilities
Posted on 16 March 2012
Ubuntu Security
============================================================================
Ubuntu Security Notice USN-1400-1
March 16, 2012
firefox vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Soroush Dalili discovered that Firefox did not adequately protect against
dropping JavaScript links onto a frame. A remote attacker could, through
cross-site scripting (XSS), exploit this to modify the contents or steal
confidential data. (CVE-2012-0455)
Atte Kettunen discovered a use-after-free vulnerability in Firefox's
handling of SVG animations. An attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2012-0457)
Atte Kettunen discovered an out of bounds read vulnerability in Firefox's
handling of SVG Filters. An attacker could potentially exploit this to make
data from the user's memory accessible to the page content. (CVE-2012-0456)
Mike Brooks discovered that using carriage return line feed (CRLF)
injection, one could introduce a new Content Security Policy (CSP) rule
which allows for cross-site scripting (XSS) on sites with a separate header
injection vulnerability. With cross-site scripting vulnerabilities, if a
user were tricked into viewing a specially crafted page, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-0451)
Mariusz Mlynski discovered that the Home button accepted JavaScript links
to set the browser Home page. An attacker could use this vulnerability to
get the script URL loaded in the privileged about:sessionrestore context.
(CVE-2012-0458)
Daniel Glazman discovered that the Cascading Style Sheets (CSS)
implementation is vulnerable to crashing due to modification of a keyframe
followed by access to the cssText of the keyframe. If the user were tricked
into opening a specially crafted web page, an attacker could exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0459)
Matt Brubeck discovered that Firefox did not properly restrict access to
the window.fullScreen object. If the user were tricked into opening a
specially crafted web page, an attacker could potentially use this
vulnerability to spoof the user interface. (CVE-2012-0460)
Bob Clary, Christian Holler, Jesse Ruderman, Nils, Michael Bebenita,
Dindog, David Anderson, Jeff Walden, Vincenzo Iozzo, and Willem Pinckaers
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0461,
CVE-2012-0462, CVE-2012-0464)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
firefox 11.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 11.0+build1-0ubuntu0.11.04.1
Ubuntu 10.10:
firefox 11.0+build1-0ubuntu0.10.10.2
Ubuntu 10.04 LTS:
firefox 11.0+build1-0ubuntu0.10.04.2
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1400-1
CVE-2012-0451, CVE-2012-0455, CVE-2012-0457, CVE-2012-0458,
CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462,
CVE-2012-0464, https://launchpad.net/bugs/951250
Package Information:
https://launchpad.net/ubuntu/+source/firefox/11.0+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/11.0+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/11.0+build1-0ubuntu0.10.10.2
https://launchpad.net/ubuntu/+source/firefox/11.0+build1-0ubuntu0.10.04.2