Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)

Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Aral Yaman discovered a vulnerability in the WebGL engine. An attacker
could potentially use this to crash Firefox or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2011-2989)

Vivekanand Bolajwar discovered a vulnerability in the JavaScript
engine. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2011-2991)

Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg
reader. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2011-2991)

Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered
multiple memory vulnerabilities in the browser rendering engine. An
attacker could use these to possibly execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2011-2985)

Rafael Gieschke discovered that unsigned JavaScript could call into a
script inside a signed JAR. This could allow an attacker to execute
arbitrary code with the identity and permissions of the signed JAR.
(CVE-2011-2993)

Michael Jordon discovered that an overly long shader program could
cause a buffer overrun. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-2988)

Michael Jordon discovered a heap overflow in the ANGLE library used in
Firefox's WebGL implementation. An attacker could potentially use this
to crash Firefox or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-2987)

It was discovered that an SVG text manipulation routine contained a
dangling pointer vulnerability. An attacker could potentially use this
to crash Firefox or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-0084)

Mike Cardwell discovered that Content Security Policy violation
reports failed to strip out proxy authorization credentials from the
list of request headers. This could allow a malicious website to
capture proxy authorization credentials. Daniel Veditz discovered that
redirecting to a website with Content Security Policy resulted in the
incorrect resolution of hosts in the constructed policy. This could
allow a malicious website to circumvent the Content Security Policy of
another website. (CVE-2011-2990)

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 55898

CVE ID: CVE-2011-0084
CVE-2011-2985
CVE-2011-2987
CVE-2011-2988
CVE-2011-2989
CVE-2011-2990
CVE-2011-2991
CVE-2011-2992
CVE-2011-2993