Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2602-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong,
Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2015-2708, CVE-2015-2709)

Atte Kettunen discovered a buffer overflow during the rendering of SVG
content with certain CSS properties in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-2710)

Alex Verstak discovered that <meta name='referrer'> is ignored in some
circumstances. (CVE-2015-2711)

Dougall Johnson discovered an out of bounds read and write in asm.js.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to obtain sensitive
information, cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-2712)

Scott Bell discovered a use-afer-free during the processing of text
when vertical text is enabled. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-2713)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free
during shutdown. An attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-2715)

Ucha Gobejishvili discovered a buffer overflow when parsing compressed
XML content. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-2716)

A buffer overflow and out-of-bounds read were discovered when parsing
metadata in MP4 files in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-2717)

Mark Hammond discovered that when a trusted page is hosted within an
iframe in an untrusted page, the untrusted page can intercept
webchannel responses meant for the trusted page in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could exploit this to bypass origin restrictions.
(CVE-2015-2718).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now