Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa,
Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse
Ruderman, and Julian Seward discovered multiple memory safety issues
affecting Firefox. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code
with the privileges of the user invoking Firefox. (CVE-2013-0769,
CVE-2013-0749, CVE-2013-0770)

Abhishek Arya discovered several use-after-free and buffer overflow
issues in Firefox. An attacker could exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2013-0760,
CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766,
CVE-2013-0767, CVE-2013-0771, CVE-2012-5829)

A stack buffer overflow was discovered in Firefox. If the user were tricked
into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2013-0768)

Masato Kinugawa discovered that Firefox did not always properly
display URL values in the address bar. A remote attacker could exploit
this to conduct URL spoofing and phishing attacks. (CVE-2013-0759)

Atte Kettunen discovered that Firefox did not properly handle HTML
tables with a large number of columns and column groups. If the user
were tricked into opening a specially crafted page, an attacker could
exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Firefox. (CVE-2013-0744)

Jerry Baker discovered that Firefox did not always properly handle
threading when performing downloads over SSL connections. An attacker
could exploit this to cause a denial of service via application crash.
(CVE-2013-0764)

Olli Pettay and Boris Zbarsky discovered flaws in the JavaScript engine
of Firefox. An attacker could cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746)

Jesse Ruderman discovered a flaw in the way Firefox handled plugins.
If a user were tricked into opening a specially crafted page, a remote
attacker could exploit this to bypass security protections to conduct
clickjacking attacks. (CVE-2013-0747)

Jesse Ruderman discovered an information leak in Firefox. An attacker
could exploit this to reveal memory address layout which could help in
bypassing ASLR protections. (CVE-2013-0748)

An integer overflow was discovered in the JavaScript engine, leading
to a heap-based buffer overflow. If the user were tricked into opening
a specially crafted page, an attacker could possibly exploit this to
execute code with the privileges of the user invoking Firefox.
(CVE-2013-0750)

Sviatoslav Chagaev discovered that Firefox did not properly handle XBL
files with multiple XML bindings with SVG content. An attacker could
cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2013-0752)

Mariusz Mlynski discovered two flaws that allow access to privileged
chrome functions. An attacker could possibly exploit these to execute
code with the privileges of the user invoking Firefox. (CVE-2013-0757,
CVE-2013-0758)

Several use-after-free issues were discovered in Firefox. If the user
were tricked into opening a specially crafted page, an attacker could
possibly exploit this to execute code with the privileges of the user
invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755,
CVE-2013-0756)

Two intermediate CA certificates were mis-issued by the TURKTRUST
certificate authority. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view
sensitive information. (CVE-2013-0743)

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true