============================================================================
Ubuntu Security Notice USN-2656-2
July 15, 2015

firefox vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and
later releases.

This update provides the corresponding update for Ubuntu 12.04 LTS.

Original advisory details:

 Karthikeyan Bhargavan discovered that NSS incorrectly handled state
 transitions for the TLS state machine. If a remote attacker were able to
 perform a man-in-the-middle attack, this flaw could be exploited to skip
 the ServerKeyExchange message and remove the forward-secrecy property.
 (CVE-2015-2721)
 
 Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in
 some circumstances. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit these to cause a
 denial of service via application crash, or execute arbitrary code with
 the privileges of the user invoking Firefox. (CVE-2015-2722,
 CVE-2015-2733)
 
 Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence
 Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru
 Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory
 safety issues in Firefox. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit these to cause a
 denial of service via application crash, or execute arbitrary code with
 the privileges of the user invoking Firefox. (CVE-2015-2724,
 CVE-2015-2725, CVE-2015-2726)
 
 Armin Razmdjou discovered that opening hyperlinks with specific mouse
 and key combinations could allow a Chrome privileged URL to be opened
 without context restrictions being preserved. If a user were tricked in to
 opening a specially crafted website, an attacker could potentially exploit
 this to bypass security restrictions. (CVE-2015-2727)
 
 Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If
 a user were tricked in to opening a specially crafted website, an attacker
 could potentially exploit this to cause a denial of service via
 application crash or execute arbitrary code with the priviliges of the
 user invoking Firefox. (CVE-2015-2728)
 
 Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
 user were tricked in to opening a specially crafted website, an attacker
 could potentially exploit this to obtain sensitive information.
 (CVE-2015-2729)
 
 Watson Ladd discovered that NSS incorrectly handled Elliptical Curve
 Cryptography (ECC) multiplication. A remote attacker could possibly use
 this issue to spoof ECDSA signatures. (CVE-2015-2730)
 
 A use-after-free was discovered when a Content Policy modifies the DOM to
 remove a DOM object. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit this to cause a
 denial of service via application crash or execute arbitrary code with the
 priviliges of the user invoking Firefox. (CVE-2015-2731)
 
 Ronald Crane discovered multiple security vulnerabilities. If a user were
 tricked in to opening a specially crafted website, an attacker could
 potentially exploit these to cause a denial of service via application
 crash, or execute arbitrary code with the privileges of the user invoking
 Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,
 CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
 
 David Keeler discovered that key pinning checks can be skipped when an
 overridable certificate error occurs. This allows a user to manually
 override an error for a fake certificate, but cannot be exploited on its
 own. (CVE-2015-2741)
 
 Jonas Jenwald discovered that some internal workers were incorrectly
 executed with a high privilege. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit this in
 combination with another security vulnerability, to execute arbitrary code
 in a privileged scope. (CVE-2015-2743)
 
 Matthew Green discovered a DHE key processing issue in NSS where a MITM
 could force a server to downgrade TLS connections to 512-bit export-grade
 cryptography. An attacker could potentially exploit this to impersonate
 the server. (CVE-2015-4000)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  firefox                         39.0+build5-0ubuntu0.12.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2656-2
  http://www.ubuntu.com/usn/usn-2656-1
  CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725,
  CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729,
  CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
  CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,
  CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743,
  CVE-2015-4000

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.12.04.2