10 - USN-2702-1

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description: - firefox: Mozilla Open Source web browser

Details:

Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)

Aki Helin discovered an out-of-bounds read when playing malformed MP3 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4475)

A use-after-free was discovered during MediaStream playback in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4477)

André Bargull discovered that non-configurable properties on javascript objects could be redefined when parsing JSON. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-4478)

Multiple integer overflows were discovered in libstagefright. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)

Jukka Jylänki discovered a crash that occurs because javascript does not properly gate access to Atomics or SharedArrayBuffers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-4484)

Abhishek Arya discovered 2 buffer overflows in libvpx when decoding malformed WebM content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4485, CVE-2015-4486)

Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)

Christoph Kerschbaumer discovered an issue with Mozilla's implementation of Content Security Policy (CSP), which could allow for a more permissive usage in some cirucumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)

Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4491)

Looben Yang discovered a use-after-free when using XMLHttpRequest with shared workers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-4492)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
firefox 40.0+build4-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
firefox 40.0+build4-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 40.0+build4-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2702-1
CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477,
CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484,
CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488,
CVE-2015-4489, CVE-2015-4490, CVE-2015-4491, CVE-2015-4492,
CVE-2015-4493

Package Information:
https://launchpad.net/ubuntu/+source/firefox/40.0+build4-0ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/firefox/40.0+build4-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/40.0+build4-0ubuntu0.12.04.1