Ubuntu 12.10 : unity-firefox-extension update (USN-1786-2)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-1786-1 fixed vulnerabilities in Firefox. This update provides the
corresponding update for Unity Firefox Extension.

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan
Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and
Mats Palmgren discovered multiple memory safety issues affecting
Firefox. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2013-0788,
CVE-2013-0789)

Ambroz Bizjak discovered an out-of-bounds array read in the
CERT_DecodeCertPackage function of the Network Security
Services (NSS) libary when decoding certain certificates. An
attacker could potentially exploit this to cause a denial of
service via application crash. (CVE-2013-0791)

Tobias Schula discovered an information leak in Firefox when
the gfx.color_management.enablev4 preference is enabled. If
the user were tricked into opening a specially crafted
image, an attacker could potentially exploit this to steal
confidential data. By default, the
gfx.color_management.enablev4 preference is not enabled in
Ubuntu. (CVE-2013-0792)

Mariusz Mlynski discovered that timed history navigations
could be used to load arbitrary websites with the wrong URL
displayed in the addressbar. An attacker could exploit this
to conduct cross-site scripting (XSS) or phishing attacks.
(CVE-2013-0793)

It was discovered that the origin indication on tab-modal
dialog boxes could be removed, which could allow an
attacker's dialog to be displayed over another sites
content. An attacker could exploit this to conduct phishing
attacks. (CVE-2013-0794)

Cody Crews discovered that the cloneNode method could be
used to bypass System Only Wrappers (SOW) to clone a
protected node and bypass same-origin policy checks. An
attacker could potentially exploit this to steal
confidential data or execute code with the privileges of the
user invoking Firefox. (CVE-2013-0795)

A crash in WebGL rendering was discovered in Firefox. An
attacker could potentially exploit this to execute code with
the privileges of the user invoking Firefox. This issue only
affects users with Intel graphics drivers. (CVE-2013-0796)

Abhishek Arya discovered an out-of-bounds write in the Cairo
graphics library. An attacker could potentially exploit this
to execute code with the privileges of the user invoking
Firefox. (CVE-2013-0800).

Solution :

Update the affected xul-ext-unity package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false