Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1430-1)

Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli
Pettay discovered memory safety issues affecting Firefox. If the user
were tricked into opening a specially crafted page, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2012-0467, CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious
Scalable Vector Graphics (SVG) image file, an attacker could exploit
this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify
the contents, or steal confidential data, within the same domain.
(CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows reading of video memory that
should not be accessible. An attacker could possibly exploit this to
cause a denial of service via application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one
the user was visiting. This could potentially leave the user
vulnerable to cross-site scripting (XSS) attacks. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify
the contents, or steal confidential data, within the same domain.
(CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct
Origin headers when connecting to IPv6 websites. An attacker could
potentially use this to bypass intended access controls.
(CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection
is possible during the decoding of ISO-2022-KR and ISO-2022-CN
character sets. With cross-site scripting vulnerabilities, if a user
were tricked into viewing a specially crafted page, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially
crafted page, an attacker could exploit this to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType
Sanitizer. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2011-3062)

Daniel Divricean discovered that a defect in the handling of
JavaScript errors can potentially leak the file names and locations of
JavaScript files on a server. This could lead to inadvertent
information disclosure and provide a vector for further attacks.
(CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox
handled RSS and Atom feeds. Invalid RSS or Atom content loaded over
HTTPS caused the location bar to be updated with the address of this
content, while the main window still displayed the previously loaded
content. An attacker could potentially exploit this vulnerability to
conduct phishing attacks. (CVE-2012-0479)

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true