Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2372-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon
Coppeard, Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence
Cole and Jeff Walden discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2014-1574,
CVE-2014-1575)

Atte Kettunen discovered a buffer overflow during CSS manipulation. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via application crash or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2014-1576)

Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to steal sensitive
information. (CVE-2014-1577)

Abhishek Arya discovered an out-of-bounds write when buffering WebM
video in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-1578)

Michal Zalewski discovered that memory may not be correctly
initialized when rendering a malformed GIF in to a canvas in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to steal
sensitive information. (CVE-2014-1580)

A use-after-free was discovered during text layout in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1581)

Patrick McManus and David Keeler discovered 2 issues that could result
in certificate pinning being bypassed in some circumstances. An
attacker with a fraudulent certificate could potentially exploit this
conduct a man in the middle attack. (CVE-2014-1582, CVE-2014-1584)

Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video
sharing via WebRTC in iframes, where video continues to be shared
after being stopped and navigating to a new site doesn't turn off the
camera. An attacker could potentially exploit this to access the
camera without the user being aware. (CVE-2014-1585, CVE-2014-1586)

Boris Zbarsky discovered that webapps could use the Alarm API to read
the values of cross-origin references. If a user were tricked in to
installing a specially crafter webapp, an attacker could potentially
exploit this to bypass same-origin restrictions. (CVE-2014-1583).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now