[USN-1548-2] Firefox regression
Posted on 11 September 2012
==========================================================================
Ubuntu Security Notice USN-1548-2
September 11, 2012
firefox regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
USN-1548-1 introduced a regression in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a
regression in Private Browsing which could leak sites visited to the
browser cache. This update fixes the problem.
Original advisory details:
Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew
Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel
Holbert discovered memory safety issues affecting Firefox. If the user were
tricked into opening a specially crafted page, an attacker could exploit
these to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2012-1970, CVE-2012-1971)

Abhishek Arya discovered multiple use-after-free vulnerabilities. If the
user were tricked into opening a specially crafted page, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Mariusz Mlynski discovered that it is possible to shadow the location object
using Object.defineProperty. This could potentially result in a cross-site
scripting (XSS) attack against plugins. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents or steal
confidential data within the same domain. (CVE-2012-1956)

Mariusz Mlynski discovered an escalation of privilege vulnerability through
about:newtab. This could potentially lead to code execution with
the privileges of the user invoking Firefox. (CVE-2012-3965)

Frédéric Hoguin discovered that bitmap format images with a negative height
could potentially result in memory corruption. If the user were tricked
into opening a specially crafted image, an attacker could exploit
this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2012-3966)

It was discovered that Firefox's WebGL implementation was vulnerable to
multiple memory safety issues. If the user were tricked into opening a
specially crafted page, an attacker could exploit these to cause a denial
of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-3967, CVE-2012-3968)

Arthur Gerkis discovered multiple memory safety issues in Firefox's
Scalable Vector Graphics (SVG) implementation. If the user were tricked
into opening a specially crafted image, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-3969,
CVE-2012-3970)

Christoph Diehl discovered multiple memory safety issues in the bundled
Graphite 2 library. If the user were tricked into opening a specially
crafted page, an attacker could exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-3971)

Nicolas Grégoire discovered an out-of-bounds read in the format-number
feature of XSLT. This could potentially cause inaccurate formatting of
numbers and information leakage. (CVE-2012-3972)

Mark Goodwin discovered that under certain circumstances, Firefox's
developer tools could allow remote debugging even when disabled.
(CVE-2012-3973)

It was discovered that when the DOMParser is used to parse text/html data
in a Firefox extension, linked resources within this HTML data will be
loaded. If the data being parsed in the extension is untrusted, it could
lead to information leakage and potentially be combined with other attacks
to become exploitable. (CVE-2012-3975)

Mark Poticha discovered that under certain circumstances incorrect SSL
certificate information can be displayed on the addressbar, showing the SSL
data for a previous site while another has been loaded. This could
potentially be used for phishing attacks. (CVE-2012-3976)

It was discovered that, in some instances, certain security checks in the
location object could be bypassed. This could allow for the loading of
restricted content and can potentially be combined with other issues to
become exploitable. (CVE-2012-3978)

Colby Russell discovered that eval in the web console can execute injected
code with chrome privileges, leading to the running of malicious code in a
privileged context. If the user were tricked into opening a specially
crafted page, an attacker could exploit this to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-3980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
firefox 15.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
firefox 15.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 15.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
firefox 15.0.1+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1548-2
http://www.ubuntu.com/usn/usn-1548-1
https://launchpad.net/bugs/1047667
Package Information:
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.10.04.1