USN-2833-1: Firefox vulnerabilities

15 December 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description

  • firefox - Mozilla Open Source web browser

Details

Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202)

Ronald Crane discovered three buffer overflows through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)

Cajus Pollmeier discovered a crash during javascript variable assignments in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7204)

Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7205)

It was discovered that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used with an iframe to host a page. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7207)

It was discovered that Firefox allows for control characters to be set in cookies. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2015-7208)

Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7210)

Abdulrahman Alqabandi discovered that hash symbol is incorrectly handled when parsing data: URLs. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-7211)

Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7212)

Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7213)

Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files. (CVE-2015-7214)

Masato Kinugawa discovered a cross-origin information leak in error events in web workers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-7215)

Gustavo Grieco discovered that the file chooser crashed on malformed images due to flaws in the Jasper library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-7216, CVE-2015-7217)

Stuart Larsen discoverd two integer underflows when handling malformed HTTP/2 frames in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash. (CVE-2015-7218, CVE-2015-7219)

Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7222)

Kris Maglione discovered a mechanism where web content could use WebExtension APIs to execute code with the privileges of a particular WebExtension. If a user were tricked in to opening a specially crafted website with a vulnerable extension installed, an attacker could potentially exploit this to obtain sensitive information or conduct cross-site scripting (XSS) attacks. (CVE-2015-7223)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
firefox - 43.0+build1-0ubuntu0.15.10.1
Ubuntu 15.04
firefox - 43.0+build1-0ubuntu0.15.04.1
Ubuntu 14.04 LTS
firefox - 43.0+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS
firefox - 43.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make all the necessary changes.

References