Ubuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in
NSS. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo
Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1952, CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a
specially crafted website with addon signing disabled and unpacked
addons installed, an attacker could potentially exploit this to gain
additional privileges. (CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could
potentially exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some
circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks.
(CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker
Manager. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of
HTMLDocument. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1961)

Dominique Hazael-Massieux discovered a use-after-free when using
multiple WebRTC data channels. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1963)

Nicolas Gregoire discovered a use-after-free during XML
transformations. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the addressbar to
display an incorrect URL, using history navigations and the Location
protocol property. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
URL spoofing attacks. (CVE-2016-1965)

A memory corruption issues was discovered in the NPAPI subsystem. If a
user were tricked in to opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to steal confidential data.
(CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in
WebRTC. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799,
CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)