Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.

We apologize for the inconvenience.
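Whether a host was in the configuration that USN-3175-1 regressed on depends on the mode of the Firefox AppArmor profile. The POSIX shell snippet below is an added example, not part of this advisory or of the Nessus plugin: it parses `aa-status` output and reports whether a loaded profile whose name contains `firefox` is in enforce mode, complain mode, or not loaded at all. The `aa-status` samples are constructed so the script runs offline, and the profile name `/usr/lib/firefox/firefox{,*[^s][^h]}` used in them is assumed from Ubuntu's apparmor-profiles package rather than taken from this page.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): report the mode of the
# Firefox AppArmor profile from `aa-status` output.

# firefox_apparmor_mode: reads `aa-status` text on stdin and prints
# "enforce", "complain", or "unconfined" (no loaded profile named *firefox*).
# Profile names are listed indented under the "N profiles are in ... mode"
# headers; the later "processes ..." sections are ignored so that a running
# firefox process line is not mistaken for a profile.
firefox_apparmor_mode() {
    awk '
        /profiles are in enforce mode/   { mode = "enforce";  next }
        /profiles are in complain mode/  { mode = "complain"; next }
        /processes/                      { mode = "";         next }
        mode != "" && /^[ \t]+.*firefox/ { found = mode }
        END {
            if (found == "") print "unconfined"; else print found
        }
    '
}

# mode_of_sample: convenience wrapper so a captured aa-status text held in a
# variable can be classified by name.
mode_of_sample() {
    printf '%s\n' "$1" | firefox_apparmor_mode
}

# Constructed sample: Firefox profile loaded in enforce mode (the configuration
# on which USN-3175-1 regressed). Profile name is an assumption, see lead-in.
SAMPLE_ENFORCE='apparmor module is loaded.
3 profiles are loaded.
2 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/firefox/firefox{,*[^s][^h]}
1 profiles are in complain mode.
   /usr/sbin/cupsd
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/lib/firefox/firefox (4242)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.'

# Constructed sample: the same profile switched to complain mode.
SAMPLE_COMPLAIN='apparmor module is loaded.
2 profiles are loaded.
1 profiles are in enforce mode.
   /sbin/dhclient
1 profiles are in complain mode.
   /usr/lib/firefox/firefox{,*[^s][^h]}
0 processes have profiles defined.'

# Constructed sample: no Firefox profile loaded at all.
SAMPLE_NONE='apparmor module is loaded.
1 profiles are loaded.
1 profiles are in enforce mode.
   /sbin/dhclient
0 processes have profiles defined.'

# On a real Ubuntu host:  sudo aa-status | firefox_apparmor_mode
echo "enforce sample:    $(mode_of_sample "$SAMPLE_ENFORCE")"
echo "complain sample:   $(mode_of_sample "$SAMPLE_COMPLAIN")"
echo "no-profile sample: $(mode_of_sample "$SAMPLE_NONE")"
```

A host that prints `enforce` is the one the regression affected and the one on which the USN-3175-2 package should be confirmed installed; `complain` or `unconfined` hosts still need the original USN-3175-1 fixes but were not hit by the profile regression.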

Multiple memory safety issues were discovered in Firefox. If a user
were tricked into opening a specially crafted website, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5373,
CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections
in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5375)

Nicolas Gregoire discovered a use-after-free when
manipulating XSL in XSLT documents in some circumstances. If
a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute
arbitrary code. (CVE-2017-5376)

Atte Kettunen discovered a memory corruption issue in Skia
in some circumstances. If a user were tricked into opening
a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5377)

Jann Horn discovered that an object's address could be
discovered through hashed codes of JavaScript objects shared
between pages. If a user were tricked into opening a
specially crafted website, an attacker could potentially
exploit this to obtain sensitive information.
(CVE-2017-5378)

A use-after-free was discovered in Web Animations in some
circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5379)

A use-after-free was discovered during DOM manipulation of
SVG content in some circumstances. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code.
(CVE-2017-5380)

Jann Horn discovered that the 'export' function in the
Certificate Viewer can force local filesystem navigation
when the Common Name contains slashes. If a user were
tricked into exporting a specially crafted certificate, an
attacker could potentially exploit this to save content with
arbitrary filenames in unsafe locations. (CVE-2017-5381)

Jerri Rice discovered that the Feed preview for RSS feeds
can be used to capture errors and exceptions generated by
privileged content. An attacker could potentially exploit
this to obtain sensitive information. (CVE-2017-5382)

Armin Razmjou discovered that certain Unicode glyphs do not
trigger punycode display. An attacker could potentially
exploit this to spoof the URL bar contents. (CVE-2017-5383)

Paul Stone and Alex Chapman discovered that the full URL
path is exposed to JavaScript functions specified by Proxy
Auto-Config (PAC) files. If a user has enabled Web Proxy
Auto Detect (WPAD), an attacker could potentially exploit
this to obtain sensitive information. (CVE-2017-5384)

Muneaki Nishimura discovered that data sent in multipart
channels will ignore the Referrer-Policy response headers.
An attacker could potentially exploit this to obtain
sensitive information. (CVE-2017-5385)

Muneaki Nishimura discovered that WebExtensions can affect
other extensions using the data: protocol. If a user were
tricked into installing a specially crafted addon, an
attacker could potentially exploit this to obtain sensitive
information or gain additional privileges. (CVE-2017-5386)

Mustafa Hasan discovered that the existence of local files
can be determined using the <track> element. An attacker
could potentially exploit this to obtain sensitive
information. (CVE-2017-5387)

Cullen Jennings discovered that WebRTC can be used to
generate large amounts of UDP traffic. An attacker could
potentially exploit this to conduct Distributed
Denial-of-Service (DDoS) attacks. (CVE-2017-5388)

Kris Maglione discovered that WebExtensions can use the
mozAddonManager API by modifying the CSP headers on sites
with the appropriate permissions and then using host
requests to redirect script loads to a malicious site. If a
user were tricked into installing a specially crafted
addon, an attacker could potentially exploit this to install
additional addons without user permission. (CVE-2017-5389)

Jerri Rice discovered insecure communication methods in the
Dev Tools JSON Viewer. An attacker could potentially exploit
this to gain additional privileges. (CVE-2017-5390)

Jerri Rice discovered that about: pages used by content can
load privileged about: pages in iframes. An attacker could
potentially exploit this to gain additional privileges, in
combination with a content-injection bug in one of those
about: pages. (CVE-2017-5391)

Stuart Colville discovered that mozAddonManager allows for
the installation of extensions from the CDN for
addons.mozilla.org, a publicly accessible site. If a user
were tricked into installing a specially crafted addon, an
attacker could potentially exploit this, in combination with
a cross-site scripting (XSS) attack on Mozilla's AMO sites,
to install additional addons. (CVE-2017-5393)

Filipe Gomes discovered a use-after-free in the media
decoder in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code.
(CVE-2017-5396)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High
