Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox regressions
Informations
Name USN-2917-3 First vendor Publication 2016-04-19
Vendor Ubuntu Last vendor Modification 2016-04-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

USN-2917-1 introduced several regressions in Firefox.

Software Description: - firefox: Mozilla Open Source web browser

Details:

USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1952,
CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a specially
crafted website with addon signing disabled and unpacked addons installed,
an attacker could potentially exploit this to gain additional privileges.
(CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could potentially
exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple
WebRTC data channels. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the addressbar to display
an incorrect URL, using history navigations and the Location protocol
property. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to conduct URL
spoofing attacks. (CVE-2016-1965)

A memory corruption issues was discovered in the NPAPI subsystem. If
a user were tricked in to opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
firefox 45.0.2+build1-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
firefox 45.0.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 45.0.2+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2917-3
http://www.ubuntu.com/usn/usn-2917-1
https://launchpad.net/bugs/1572169

Package Information:
https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.15.10.1
https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.12.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2917-3

CWE : Common Weakness Enumeration

% Id Name
66 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7 % CWE-264 Permissions, Privileges, and Access Controls
7 % CWE-254 Security Features
7 % CWE-200 Information Exposure
7 % CWE-19 Data Handling
3 % CWE-399 Resource Management Errors
3 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 428
Application 13
Application 4
Application 306
Application 1
Application 3
Os 1
Os 2
Os 3
Os 1

Snort® IPS/IDS

Date Description
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46781 - Revision : 2 - Type : BROWSER-FIREFOX
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46767 - Revision : 4 - Type : BROWSER-FIREFOX
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46766 - Revision : 2 - Type : BROWSER-FIREFOX
2018-06-21 Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt
RuleID : 46765 - Revision : 2 - Type : BROWSER-FIREFOX
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41197 - Revision : 5 - Type : FILE-PDF
2017-01-12 Nitro Pro PDF Reader out of bounds write attempt
RuleID : 41196 - Revision : 5 - Type : FILE-PDF
2016-11-08 Mozilla Firefox CSP report-uri arbitrary file write attempt
RuleID : 40363 - Revision : 2 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2017-05-12 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1248-1.nasl - Type : ACT_GATHER_INFO
2017-05-05 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1175-1.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2016-1003.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2016-1002.nasl - Type : ACT_GATHER_INFO
2017-04-21 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0065.nasl - Type : ACT_GATHER_INFO
2017-01-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-63.nasl - Type : ACT_GATHER_INFO
2016-11-17 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0159.nasl - Type : ACT_GATHER_INFO
2016-10-20 Name : The remote web server is affected by a remote code execution vulnerability.
File : glassfish_cve-2016-1950.nasl - Type : ACT_GATHER_INFO
2016-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3688.nasl - Type : ACT_GATHER_INFO
2016-08-08 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL91100352.nasl - Type : ACT_GATHER_INFO
2016-07-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-851.nasl - Type : ACT_GATHER_INFO
2016-07-11 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-848.nasl - Type : ACT_GATHER_INFO
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0066.nasl - Type : ACT_GATHER_INFO
2016-06-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-714.nasl - Type : ACT_GATHER_INFO
2016-05-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201605-06.nasl - Type : ACT_GATHER_INFO
2016-05-19 Name : The remote Debian host is missing a security update.
File : debian_DLA-480.nasl - Type : ACT_GATHER_INFO
2016-05-02 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2934-1.nasl - Type : ACT_GATHER_INFO
2016-04-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-3.nasl - Type : ACT_GATHER_INFO
2016-04-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-2.nasl - Type : ACT_GATHER_INFO
2016-04-07 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0042.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0909-1.nasl - Type : ACT_GATHER_INFO
2016-04-01 Name : The remote device is affected by multiple vulnerabilities.
File : appletv_9_2.nasl - Type : ACT_GATHER_INFO
2016-03-28 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-402.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-395.nasl - Type : ACT_GATHER_INFO
2016-03-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0495.nasl - Type : ACT_GATHER_INFO
2016-03-22 Name : The remote Mac OS X host is affected by multiple vulnerabilities.
File : macosx_10_11_4.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0820-1.nasl - Type : ACT_GATHER_INFO
2016-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3520.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0777-1.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160316_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0460.nasl - Type : ACT_GATHER_INFO
2016-03-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2927-1.nasl - Type : ACT_GATHER_INFO
2016-03-15 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0727-1.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-334.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-332.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3515.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_45.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_38_7_esr.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_45.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_38_7_esr.nasl - Type : ACT_GATHER_INFO
2016-03-11 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-667.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_nss_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3510.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0371.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0034.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160309_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2917-1.nasl - Type : ACT_GATHER_INFO
2016-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2924-1.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0370.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0371.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0370.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0370.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c429276852734f17a267c5fe35125ce4.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_adffe823e6924921ae9c0b825c218372.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2225c5b41e5a44fc9920b3201c384a15.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1bcfd963e48341b8ab8ebad5c3ce49c9.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2016-0373.nasl - Type : ACT_GATHER_INFO
2016-03-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0371.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-04-21 13:24:43
  • Multiple Updates
2016-04-19 21:25:31
  • First insertion