http://www.mozilla.org/security/announce/2016/mfsa2016-05.html

1034825

https://bugzilla.mozilla.org/show_bug.cgi?id=1208525

GLSA-201605-06

The specific version of Firefox that the system is running is reportedly affected by the following vulnerabilities:

- Brotli contains a flaw in the DecodeVarLenUint8() function in dec/decode.c related to use of uninitialized memory. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1930)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)

- Mozilla Firefox contains a flaw in the Downscaler::ClearRow() function in image/Downscaler.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the nsComputedDOMStyle::GetStyleContextForElement() and nsComputedDOMStyle::GetStyleContextForElementNoFlush() functions in layout/style/nsComputedDOMStyle.cpp. The issue is triggered when using a frame that is not in the composed document. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw that is triggered when handling fuctions accepting rest parameters. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the CodeGeneratorShared::allocateData() function in js/src/jit/shared/CodeGenerator-shared.h that is triggered when handling out-of-memory error conditions. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the VCMGenericEncoder::Release() function in media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc. The issue is triggered as the encoded-frame callback is not unregistered when releasing codec databases. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains an unspecified flaw in js/src/vm/HelperThreads.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the JSRuntime::createJitRuntime() function in js/src/jscompartment.cpp that is triggered when handling out-of-memory error conditions. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains an unspecified flaw that is triggered when handling attribute changes. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the HTMLMediaElement::NotifyAddedSource() function in dom/html/HTMLMediaElement.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the nsGIFDecoder2::WriteInternal() function in image/decoders/nsGIFDecoder2.cpp that is triggered when handling GIF image frame bounds. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1931)

- Mozilla Firefox contains a flaw that is triggered when handling WebAudio content. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a use-after-free condition in the nsLayoutUtils::SurfaceFromElement() function in dom/html/HTMLMediaElement.cpp. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1930)

- Mozilla Firefox contains a flaw in the Evaluate() function in js/src/shell/js.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1931)

- Mozilla Firefox contains an overflow condition in the WebGLContext::BufferData() function in dom/canvas/WebGLContextBuffers.cpp that is triggered when handling cache out-of-memory error conditions. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1935)

- Mozilla Firefox contains a flaw in the BrowserApp::onTabChanged() function in mobile/android/base/java/org/mozilla/gecko/BrowserApp.java. The issue is triggered when handling page scrolling. This may allow a context-dependent attacker to spoof the location. (CVE-2016-1943)

- Mozilla Firefox contains an integer overflow condition that is triggered when handling GIF images. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1933)

- Mozilla Firefox contains a flaw in the Buffer11::NativeBuffer11::map() function within the ANGLE implementation. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1944)

- Mozilla Firefox for Android contains a flaw in mobile/android/chrome/content/browser.js that is triggered when handling data: URLs. This may allow a context-dependent attacker to spoof the location. (CVE-2016-1940)

- Mozilla Firefox contains a flaw in the safe browsing feature as the Application Reputation service was unreachable. This may allow a context-dependent attacker to trick a user into downloading a malicious executable without the user being warned. (CVE-2016-1947)

- Mozilla Firefox contains an integer overflow condition in the MoofParser::Metadata() function in media/libstagefright/binding/MoofParser.cpp. The issue is triggered when handling MP4 file metadata. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1946)

- Mozilla Firefox contains a flaw in modules/libjar/nsZipArchive.cpp that is triggered when handling ZIP files. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1945)

- Mozilla Firefox contains a flaw in the nsCookieService::SetCookieInternal() function in netwerk/cookie/nsCookieService.cpp as control characters are permitted in cookie names. This may allow a context-dependent attacker to inject cookies. (CVE-2016-1939)

- Mozilla Network Security Services (NSS) contains an unspecified cryptographical issue when handling calculations that contain mp_div or mp_exptmod. This may allow an attacker to trigger potential cryptographic weaknesses. (CVE-2016-1938)

- Mozilla Firefox for Android contains a flaw in mobile/android/chrome/content/browser.js that is triggered as lightweight themes fail to properly secure connections when installing themes. This may allow a remote man-in-the-middle attacker to make changes to the theme.
 (CVE-2016-1948)

- Mozilla Firefox contains a flaw in the protocol handler in toolkit/mozapps/handling/content/dialog.js that is due to the handler treating double click events as two single click events. This may allow a context-dependent attacker to spoof content to cause a user to potentially perform malicious actions, such as downloading attacker controlled software. (CVE-2016-1937)

- Mozilla Firefox for Mac OS X contains a flaw that is triggered as the delay between the download dialog getting focus and the button getting enabled is too short. If a context-dependent attacker can trick a user into double clicking in a specific location, they can pass the second click through to a dialog below that location. This will allow the attacker to cause the user to perform unintentional actions. (CVE-2016-1941)

- Mozilla Firefox contains a flaw in browser/base/content/urlbarBindings.xml that is triggered during the handling of a URL that is invalid for the internal protocol, which will cause the URL to be pasted into the address bar. This may allow a context-dependent attacker to spoof URLs. (CVE-2016-1942)

- Mozilla Network Security Services (NSS) contains a use-after-free error in the ssl3_HandleECDHServerKeyExchange() function. The issue is triggered when handling failed allocations during DHE and ECDHE handshakes. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1978)


The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and       Thunderbird. Please review the CVE identifiers referenced below for       details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information, spoof       the address bar, conduct clickjacking attacks, bypass security       restrictions and protection mechanisms, or have other unspecified       impacts.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
802019	Firefox < 44 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	critical
91379	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	critical

CVE-2016-1940

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical