oval:org.mitre.oval:def:28351

Definition Id: oval:org.mitre.oval:def:28351
 
Oval ID: oval:org.mitre.oval:def:28351
Title: USN-2424-1 -- Firefox vulnerabilities
Description: Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1587">CVE-2014-1587</a>, <a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1588">CVE-2014-1588</a>) Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1589">CVE-2014-1589</a>) Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1590">CVE-2014-1590</a>) Muneaki Nishimura discovered that CSP violation reports did not remove path information in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1591">CVE-2014-1591</a>) Berend-Jan Wever discovered a use-after-free during HTML parsing. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1592">CVE-2014-1592</a>) Abhishek Arya discovered a buffer overflow when parsing media content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1593">CVE-2014-1593</a>) Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the compositor. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause undefined behaviour, a denial of service via application crash or execute abitrary code with the privileges of the user invoking Firefox. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1594">CVE-2014-1594</a>)
Family: unix Class: patch
Reference(s): USN-2424-1
CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27174
 
Oval ID: oval:org.mitre.oval:def:27174
Title: Ubuntu 14.10 is installed
Description: Ubuntu 14.10 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:canonical:ubuntu_linux:14.10
Version: 5
Platform(s): Ubuntu 14.10
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:28351
Definition Id: oval:org.mitre.oval:def:24421
 
Oval ID: oval:org.mitre.oval:def:24421
Title: Ubuntu 14.04 is installed
Description: Ubuntu 14.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:canonical:ubuntu_linux:14.04
Version: 5
Platform(s): Ubuntu 14.04
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:28351
Definition Id: oval:org.mitre.oval:def:15824
 
Oval ID: oval:org.mitre.oval:def:15824
Title: Ubuntu 12.04 is installed
Description: Ubuntu 12.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:canonical:ubuntu_linux:12.04
Version: 5
Platform(s): Ubuntu 12.04
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:28351