USN-2052-1: Firefox vulnerabilities

11 December 2013

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 13.04
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

  • firefox - Mozilla Open Source web browser

Details

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)

Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)

Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)

Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)

A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)

Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)

Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)

Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672)

Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)

Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)

Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)

Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10
firefox - 26.0+build2-0ubuntu0.13.10.2
Ubuntu 13.04
firefox - 26.0+build2-0ubuntu0.13.04.2
Ubuntu 12.10
firefox - 26.0+build2-0ubuntu0.12.10.2
Ubuntu 12.04 LTS
firefox - 26.0+build2-0ubuntu0.12.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References