Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: USN-3044-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Datum: Fr, 5. August 2016, 20:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5266
Applikationen: Mozilla Firefox

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1793765811603423564==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="2VkNrM2kdoM9RhEKhafBLMvfrO1fxAKCP"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2VkNrM2kdoM9RhEKhafBLMvfrO1fxAKCP
Content-Type: multipart/mixed;
 boundary="jEcuEUHeS6qUsnSxEF2a2SnR5cwgiqt2q"
From: Chris Coulson <chris.coulson@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <88debee6-8ac6-6c28-159d-436c92709501@canonical.com>
Subject: [USN-3044-1] Firefox vulnerabilities

--jEcuEUHeS6qUsnSxEF2a2SnR5cwgiqt2q
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3044-1
August 05, 2016

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)

Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacked could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)

Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
Ringnalda discovered multiple memory safety issues in Firefox. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)

A buffer overflow was discovered in the ClearKey Content Decryption
Module (CDM) during video playback. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via plugin process crash, or, in combination
with another vulnerability to escape the GMP sandbox, execute arbitrary
code. (CVE-2016-2837)

Atte Kettunen discovered a buffer overflow when rendering SVG content in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-2838)

Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to execute arbitrary code. (CVE-2016-2839)

Catalin Dumitru discovered that URLs of resources loaded after a
navigation start could be leaked to the following page via the Resource
Timing API. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-5250)

Firas Salem discovered an issue with non-ASCII and emoji characters in
data: URLs. An attacker could potentially exploit this to spoof the
addressbar contents. (CVE-2016-5251)

Georg Koppen discovered a stack buffer underflow during 2D graphics
rendering in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5252)

Abhishek Arya discovered a use-after-free when the alt key is used with
top-level menus. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5254)

Jukka JylÀnki discovered a crash during garbage collection. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to execute arbitrary code. (CVE-2016-5255)

Looben Yang discovered a use-after-free in WebRTC. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5258)

Looben Yang discovered a use-after-free when working with nested sync
events in service workers. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5259)

Mike Kaply discovered that plain-text passwords can be stored in session
restore if an input field type is changed from "password" to
 "text" during
a session, leading to information disclosure. (CVE-2016-5260)

Samuel Groß discovered an integer overflow in WebSockets during data
buffering in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5261)

Nikita Arykov discovered that JavaScript event handlers on a <marquee>
element can execute in a sandboxed iframe without the allow-scripts flag
set. If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2016-5262)

A type confusion bug was discovered in display transformation during
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5263)

A use-after-free was discovered when applying effects to SVG elements in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5264)

Abdulrahman Alqabandi discovered a same-origin policy violation relating
to local HTML files and saved shortcut files. An attacker could
potentially exploit this to obtain sensitive information. (CVE-2016-5265)

Rafael Gieschke discovered an information disclosure issue related to
drag and drop. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5266)

A text injection issue was discovered with about: URLs. An attacker could
potentially exploit this to spoof internal error pages. (CVE-2016-5268)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  firefox                         48.0+build2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  firefox                         48.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         48.0+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-3044-1
  CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836,
  CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250,
  CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255,
  CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261,
  CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265,
  CVE-2016-5266, CVE-2016-5268

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/firefox/48.0+build2-0ubuntu0.12.04.1



--jEcuEUHeS6qUsnSxEF2a2SnR5cwgiqt2q--

--2VkNrM2kdoM9RhEKhafBLMvfrO1fxAKCP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXpItGAAoJEGEfvezVlG4PPEIH+gMETRLc8wpgXiXxggEtQD+K
61QT4+Z6seiMyb+JQ/PGYt+n3I5CZfH0B7hk8IeAuBbN5BOXX4MXLWlyBG1CX8//
tcWITYjvjVuHrZKJa/2rgPXsptnKzmZoRLiU24bpeuANTjSjhO78wf4Ykzzb6QVj
VaNpdYSEIIUroBsutKdFbt3ZDCmSH1Axm/0Pvsw1LW3cdqkM6nRuDmdnlX7nVKim
r0WrGKc7m6MCm1HYElwRN/73YuzlhH/LbFGgZ5pt18PLLi+4zVaElfhLqCTTgHxJ
4ZEHw3hQ9c5lHbian0JOPBkZoVdj3NdYjyCU8vlkOdMxUzIylFwsq5DnPHYRXSY=
=LRPw
-----END PGP SIGNATURE-----

--2VkNrM2kdoM9RhEKhafBLMvfrO1fxAKCP--


--===============1793765811603423564==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1793765811603423564==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung