Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a
regression which sometimes resulted in freezes and crashes when using
multiple tabs with images displayed. This update fixes the problem.

We apologize for the inconvenience.

Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew
McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary
Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and
Nicolas Pierron discovered multiple memory safety issues affecting
Firefox. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of
service via application crash. (CVE-2013-0783, CVE-2013-0784)

Atte Kettunen discovered that Firefox could perform an
out-of-bounds read while rendering GIF format images. An
attacker could exploit this to crash Firefox.
(CVE-2013-0772)

Boris Zbarsky discovered that Firefox did not properly
handle some wrapped WebIDL objects. If the user were tricked
into opening a specially crafted page, an attacker could
possibly exploit this to cause a denial of service via
application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2013-0765)

Bobby Holley discovered vulnerabilities in Chrome Object
Wrappers (COW) and System Only Wrappers (SOW). If a user
were tricked into opening a specially crafted page, a remote
attacker could exploit this to bypass security protections
to obtain sensitive information or potentially execute code
with the privileges of the user invoking Firefox.
(CVE-2013-0773)

Frederik Braun discovered that Firefox made the location of
the active browser profile available to JavaScript workers.
(CVE-2013-0774)

A use-after-free vulnerability was discovered in Firefox. An
attacker could potentially exploit this to execute code with
the privileges of the user invoking Firefox. (CVE-2013-0775)

Michal Zalewski discovered that Firefox would not always
show the correct address when cancelling a proxy
authentication prompt. A remote attacker could exploit this
to conduct URL spoofing and phishing attacks.
(CVE-2013-0776)

Abhishek Arya discovered several problems related to memory
handling. If the user were tricked into opening a specially
crafted page, an attacker could possibly exploit these to
cause a denial of service via application crash, or
potentially execute code with the privileges of the user
invoking Firefox. (CVE-2013-0777, CVE-2013-0778,
CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782).

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false