Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1509-1)

Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian
Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle
Huey discovered memory safety issues affecting Firefox. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Firefox. (CVE-2012-1948, CVE-2012-1949)

Mario Gomes discovered that the address bar may be incorrectly
updated. Drag-and-drop events in the address bar may cause the address
of the previous site to be displayed while a new page is loaded. An
attacker could exploit this to conduct phishing attacks.
(CVE-2012-1950)

Abhishek Arya discovered four memory safety issues affecting Firefox.
If the user were tricked into opening a specially crafted page, an
attacker could possibly exploit these to cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-1951, CVE-2012-1952,
CVE-2012-1953, CVE-2012-1954)

Mariusz Mlynski discovered that the address bar may be incorrectly
updated. Calls to history.forward and history.back could be used to
navigate to a site while the address bar still displayed the previous
site. A remote attacker could exploit this to conduct phishing
attacks. (CVE-2012-1955)

Mario Heiderich discovered that HTML <embed> tags were not filtered
out of the HTML <description> of RSS feeds. A remote attacker could
exploit this to conduct cross-site scripting (XSS) attacks via
JavaScript execution in the HTML feed view. (CVE-2012-1957)

Arthur Gerkis discovered a use-after-free vulnerability. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Firefox. (CVE-2012-1958)

Bobby Holley discovered that same-compartment security wrappers (SCSW)
could be bypassed to allow XBL access. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit
this to execute code with the privileges of the user invoking Firefox.
(CVE-2012-1959)

Tony Payne discovered an out-of-bounds memory read in Mozilla's color
management library (QCMS). If the user were tricked into opening a
specially crafted color profile, an attacker could possibly exploit
this to cause a denial of service via application crash.
(CVE-2012-1960)

Frédéric Buclin discovered that the X-Frame-Options header was
ignored when its value was specified multiple times. An attacker could
exploit this to conduct clickjacking attacks. (CVE-2012-1961)

Bill Keese discovered a memory corruption vulnerability. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Firefox. (CVE-2012-1962)

Karthikeyan Bhargavan discovered an information leakage vulnerability
in the Content Security Policy (CSP) 1.0 implementation. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit this to access a user's OAuth 2.0 access tokens and
OpenID credentials. (CVE-2012-1963)

Matt McCutchen discovered a clickjacking vulnerability in the
certificate warning page. A remote attacker could trick a user into
accepting a malicious certificate via a crafted certificate warning
page. (CVE-2012-1964)

Mario Gomes and Soroush Dalili discovered that JavaScript was not
filtered out of feed URLs. If the user were tricked into opening a
specially crafted URL, an attacker could possibly exploit this to
conduct cross-site scripting (XSS) attacks. (CVE-2012-1965)

A vulnerability was discovered in the context menu of data: URLs. If
the user were tricked into opening a specially crafted URL, an
attacker could possibly exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2012-1966)

It was discovered that the execution of javascript: URLs was not
properly handled in some cases. A remote attacker could exploit this
to execute code with the privileges of the user invoking Firefox.
(CVE-2012-1967).

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)