Ubuntu 12.04 LTS / 12.10 / 13.10 / 14.04 : firefox vulnerabilities (USN-2185-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij,
Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir
Vukicevic and Christian Holler discovered multiple memory safety
issues in Firefox. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit these to cause
a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2014-1518,
CVE-2014-1519)

An out of bounds read was discovered in Web Audio. An attacker could
potentially exploit this cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2014-1522)

Abhishek Arya discovered an out of bounds read when decoding JPG
images. An attacker could potentially exploit this to cause a denial
of service via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a
non-XBL object as an XBL object. An attacker could potentially exploit
this to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2014-1524)

Abhishek Arya discovered a use-after-free in the Text Track Manager
when processing HTML video. An attacker could potentially exploit this
to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1525)

Jukka Jylänki discovered an out-of-bounds write in Cairo when working
with canvas in some circumstances. An attacker could potentially
exploit this to cause a denial of service via application crash or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1528)

Mariusz Mlynski discovered that sites with notification permissions
can run script in a privileged context in some circumstances. An
attacker could exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2014-1529)

It was discovered that browser history navigations could be used to
load a site with the addressbar displaying the wrong address. An
attacker could potentially exploit this to conduct cross-site
scripting or phishing attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some
circumstances. An attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1531)

Christian Heimes discovered that NSS did not handle IDNA domain
prefixes correctly for wildcard certificates. An attacker could
potentially exploit this by using a specially crafted certificate to
conduct a man-in-the-middle attack. (CVE-2014-1492)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free
during host resolution in some circumstances. An attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2014-1532)

Boris Zbarsky discovered that the debugger bypassed XrayWrappers for
some objects. If a user were tricked in to opening a specially crafted
website whilst using the debugger, an attacker could potentially
exploit this to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2014-1526).

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false