Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : firefox regression (USN-2936-3)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-2936-1 fixed vulnerabilities in Firefox. The update caused an
issue where a device update POST request was sent every time
about:preferences#sync was shown. This update fixes the problem.

We apologize for the inconvenience.

Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse
Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter,
Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-2804, CVE-2016-2806, CVE-2016-2807)

An invalid write was discovered when using the JavaScript
.watch() method in some circumstances. If a user were
tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox.
(CVE-2016-2808)

Looben Yang discovered a use-after-free and buffer overflow
in service workers. If a user were tricked in to opening a
specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)

Sascha Just discovered a buffer overflow in libstagefright
in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-2814)

Muneaki Nishimura discovered that CSP is not applied
correctly to web content sent with the
multipart/x-mixed-replace MIME type. An attacker could
potentially exploit this to conduct cross-site scripting
(XSS) attacks when they would otherwise be prevented.
(CVE-2016-2816)

Muneaki Nishimura discovered that the chrome.tabs.update API
for web extensions allows for navigation to javascript:
URLs. A malicious extension could potentially exploit this
to conduct cross-site scripting (XSS) attacks.
(CVE-2016-2817)

Mark Goodwin discovered that about:healthreport accepts
certain events from any content present in the remote-report
iframe. If another vulnerability allowed the injection of
web content in the remote-report iframe, an attacker could
potentially exploit this to change the user's sharing
preferences. (CVE-2016-2820).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now