Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1463-1)

Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew
McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered
memory safety issues affecting Firefox. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit
these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2012-1937, CVE-2012-1938)

It was discovered that Mozilla's WebGL implementation exposed a bug in
certain NVIDIA graphics drivers. The impact of this issue has not been
disclosed at this time. (CVE-2011-3101)

Adam Barth discovered that certain inline event handlers were not
being blocked properly by the Content Security Policy's (CSP)
inline-script blocking feature. Web applications relying on this
feature of CSP to protect against cross-site scripting (XSS) were not
fully protected. With cross-site scripting vulnerabilities, if a user
were tricked into viewing a specially crafted page, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-1944)

Paul Stone discovered that a viewed HTML page hosted on a Windows or
Samba share could load Windows shortcut files (.lnk) in the same
share. These shortcut files could then link to arbitrary locations on
the local file system of the individual loading the HTML page. An
attacker could potentially use this vulnerability to show the contents
of these linked files or directories in an iframe, resulting in
information disclosure. (CVE-2012-1945)

Arthur Gerkis discovered a use-after-free vulnerability while
replacing/inserting a node in a document. If the user were tricked
into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2012-1946)

Kaspar Brand discovered a vulnerability in how the Network Security
Services (NSS) ASN.1 decoder handles zero length items. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit this to cause a denial of service via application
crash. (CVE-2012-0441)

Abhishek Arya discovered two buffer overflow vulnerabilities and one
use-after-free vulnerability. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to
cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false