Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2743-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell
Jesup discovered multiple memory safety issues in Firefox. If a user
were tricked into opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501)

Andre Bargull discovered that when a web page creates a scripted
proxy for the window with a handler defined a certain way, a reference
to the inner window will be passed, rather than that of the outer
window. (CVE-2015-4502)

Felix Grobert discovered an out-of-bounds read in the QCMS color
management library in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
obtain sensitive information. (CVE-2015-4504)

Khalil Zhani discovered a buffer overflow when parsing VP9 content in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4506)

Spandan Veggalam discovered a crash while using the debugger API in
some circumstances. If a user were tricked into opening a specially
crafted website whilst using the debugger, an attacker could
potentially exploit this to execute arbitrary code with the privileges
of the user invoking Firefox. (CVE-2015-4507)

Juho Nurminen discovered that the URL bar could display the wrong URL
in reader mode in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to conduct URL spoofing attacks. (CVE-2015-4508)

A use-after-free was discovered when manipulating HTML media content
in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4509)

Looben Yang discovered a use-after-free when using a shared worker
with IndexedDB in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4510)

Francisco Alonso discovered an out-of-bounds read during 2D canvas
rendering in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit
this to obtain sensitive information. (CVE-2015-4512)

Jeff Walden discovered that changes could be made to immutable
properties in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially exploit
this to execute arbitrary script in a privileged scope.
(CVE-2015-4516)

Ronald Crane reported multiple vulnerabilities. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522,
CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177,
CVE-2015-7180)

Mario Gomes discovered that dragging and dropping an image after a
redirect exposes the redirected URL to scripts. An attacker could
potentially exploit this to obtain sensitive information.
(CVE-2015-4519)

Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
attacker could potentially exploit these to bypass CORS restrictions.
(CVE-2015-4520)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false
