USN-2743-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2743-1

22nd September, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description

  • firefox - Mozilla Open Source web browser

Details

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4500, CVE-2015-4501)

André Bargull discovered that when a web page creates a scripted proxy
for the window with a handler defined a certain way, a reference to the
inner window will be passed, rather than that of the outer window.
(CVE-2015-4502)

Felix Gröbert discovered an out-of-bounds read in the QCMS color
management library in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or obtain
sensitive information. (CVE-2015-4504)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-4506)

Spandan Veggalam discovered a crash while using the debugger API in some
circumstances. If a user were tricked in to opening a specially crafted
website whilst using the debugger, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4507)

Juho Nurminen discovered that the URL bar could display the wrong URL in
reader mode in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
conduct URL spoofing attacks. (CVE-2015-4508)

A use-after-free was discovered when manipulating HTML media content in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-4509)

Looben Yang discovered a use-after-free when using a shared worker with
IndexedDB in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4510)

Francisco Alonso discovered an out-of-bounds read during 2D canvas
rendering in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information. (CVE-2015-4512)

Jeff Walden discovered that changes could be made to immutable properties
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to execute
arbitrary script in a privileged scope. (CVE-2015-4516)

Ronald Crane reported multiple vulnerabilities. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174,
CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a
redirect exposes the redirected URL to scripts. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
attacker could potentially exploit these to bypass CORS restrictions.
(CVE-2015-4520)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
firefox 41.0+build3-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
firefox 41.0+build3-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 41.0+build3-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4504, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180