[USN-1509-1] Firefox vulnerabilities
Posted on 18 July 2012
==========================================================================
Ubuntu Security Notice USN-1509-1
July 17, 2012
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith,
Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered
memory safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-1948, CVE-2012-1949)
Mario Gomes discovered that the address bar may be incorrectly updated.
Drag-and-drop events in the address bar may cause the address of the previous
site to be displayed while a new page is loaded. An attacker could exploit this
to conduct phishing attacks. (CVE-2012-1950)
Abhishek Arya discovered four memory safety issues affecting Firefox. If the
user were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated.
Calls to history.forward and history.back could be used to navigate to a site
while the address bar still displayed the previous site. A remote attacker
could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of the
HTML <description> of RSS feeds. A remote attacker could exploit this to
conduct cross-site scripting (XSS) attacks via javascript execution in the HTML
feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be
bypassed to allow XBL access. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit this to execute code with the
privileges of the user invoking Firefox. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a specially
crafted color profile, an attacker could possibly exploit this to cause a
denial of service via application crash. (CVE-2012-1960)
Frédéric Buclin discovered that the X-Frame-Options header was ignored when its
value was specified multiple times. An attacker could exploit this to conduct
clickjacking attacks. (CVE-2012-1961)
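As an added example (not part of the Ubuntu notice or of Firefox's code), a site operator can audit a response so that its framing protection does not depend on how a browser treats a repeated X-Frame-Options header. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit a response header block for repeated X-Frame-Options.
# Function names and the sample responses are constructed for illustration.

def xfo_values(raw_headers):
    """Return every X-Frame-Options value found, in order of appearance."""
    values = []
    for line in raw_headers.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # An intermediary may merge repeated headers into one
            # comma-separated field, so split on commas as well.
            values.extend(v.strip() for v in value.split(",") if v.strip())
    return values

def audit_xfo(raw_headers):
    """Classify the framing policy as ok, missing, duplicate or invalid."""
    values = xfo_values(raw_headers)
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"  # the case CVE-2012-1961 concerns
    v = values[0].lower()
    if v in ("deny", "sameorigin") or v.startswith("allow-from "):
        return "ok"
    return "invalid"

# Constructed sample responses (headers only).
SINGLE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n"
REPEATED = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
            "Content-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n")
MERGED = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n"
ABSENT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("single", SINGLE), ("repeated", REPEATED),
                       ("merged", MERGED), ("absent", ABSENT)]:
        print(label, xfo_values(raw), audit_xfo(raw))
```

A "duplicate" result usually means the header is being set in more than one layer (application and web server or proxy); emitting it in exactly one place removes the ambiguity.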
Bill Keese discovered a memory corruption vulnerability. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox. (CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the
Content Security Policy (CSP) 1.0 implementation. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this to
access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
Matt McCutchen discovered a clickjacking vulnerability in the certificate
warning page. A remote attacker could trick a user into accepting a malicious
certificate via a crafted certificate warning page. (CVE-2012-1964)
Mario Gomes and Soroush Dalili discovered that javascript was not filtered out
of feed URLs. If the user were tricked into opening a specially crafted URL, an
attacker could possibly exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2012-1965)
A vulnerability was discovered in the context menu of data: URLs. If the user
were tricked into opening a specially crafted URL, an attacker could possibly
exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-1966)
It was discovered that the execution of javascript: URLs was not properly
handled in some cases. A remote attacker could exploit this to execute code
with the privileges of the user invoking Firefox. (CVE-2012-1967)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
firefox 14.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
firefox 14.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 14.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
firefox 14.0.1+build1-0ubuntu0.10.04.1
When upgrading, users should be aware of the following:
- In Ubuntu 11.04, unity-2d users may lose the ability to view drop-down menus,
context menus, and perform drag-and-drop operations in Firefox. This is a known
issue being tracked in https://launchpad.net/bugs/1020198 and may be fixed in a
later update.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1509-1
CVE-2012-1948, CVE-2012-1949, CVE-2012-1950, CVE-2012-1951,
CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955,
CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960,
CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964,
CVE-2012-1965, CVE-2012-1966, CVE-2012-1967, https://launchpad.net/bugs/1020198,
https://launchpad.net/bugs/1024562
Package Information:
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/14.0.1+build1-0ubuntu0.10.04.1