what you don't know can hurt you

Ubuntu Security Notice USN-2550-1

Ubuntu Security Notice USN-2550-1
Posted Apr 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816
MD5 | addd56853ab86e778c41e9c63ab5868f

Ubuntu Security Notice USN-2550-1

Change Mirror Download
============================================================================
Ubuntu Security Notice USN-2550-1
April 01, 2015

firefox vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)

Bobby Holley discovered that windows created to hold privileged UI content
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)

Several type confusion issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0803, CVE-2015-0804)

Abhishek Arya discovered memory corruption issues during 2D graphics
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)

Christoph Kerschbaumer discovered that CORS requests from
navigator.sendBeacon() followed 30x redirections after preflight. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site request forgery
(XSRF) attacks. (CVE-2015-0807)

Mitchell Harper discovered an issue with memory management of simple-type
arrays in WebRTC. An attacker could potentially exploit this to cause
undefined behaviour. (CVE-2015-0808)

Felix Gr=F6bert discovered an out-of-bounds read in the QCMS colour
management library. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0811)

Armin Razmdjou discovered that lightweight themes could be installed
in Firefox without a user approval message, from Mozilla subdomains
over HTTP without SSL. A remote attacker could potentially exploit this by
conducting a Man-In-The-Middle (MITM) attack to install themes without
user approval. (CVE-2015-0812)

Aki Helin discovered a use-after-free when playing MP3 audio files using
the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0813)

Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell
Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-0814, CVE-2015-0815)

Mariusz Mlynski discovered that documents loaded via resource: URLs (such
as PDF.js) could load privileged chrome pages. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this in combination with another flaw, in order to execute
arbitrary script in a privileged context. (CVE-2015-0816)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
firefox 37.0+build2-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
firefox 37.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 37.0+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2550-1
CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804,
CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808,
CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814,
CVE-2015-0815, CVE-2015-0816

Package Information:
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.10.1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/37.0+build2-0ubuntu0.12.04.1

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close