This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8306675948946865535== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="6Lwm1vEhBWxAjSE55OwXOSJ1RR21kWPNo"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6Lwm1vEhBWxAjSE55OwXOSJ1RR21kWPNo Content-Type: multipart/mixed; boundary="tUjMdXffPTCUWnGBQ1EEj5poM5JJOhStg" From: Chris Coulson <chris.coulson@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <00028765-7cdb-5931-d1e3-e7b6044775e0@canonical.com> Subject: [USN-3175-2] Firefox regression
--tUjMdXffPTCUWnGBQ1EEj5poM5JJOhStg Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable Content-Language: en-US
========================================================================== Ubuntu Security Notice USN-3175-2 February 06, 2017
firefox regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
USN-3175-1 introduced a regression in Firefox.
Software Description: - firefox: Mozilla Open Source web browser
Details:
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: firefox 51.0.1+build2-0ubuntu0.16.10.2
Ubuntu 16.04 LTS: firefox 51.0.1+build2-0ubuntu0.16.04.2
Ubuntu 14.04 LTS: firefox 51.0.1+build2-0ubuntu0.14.04.2
Ubuntu 12.04 LTS: firefox 51.0.1+build2-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3175-2 http://www.ubuntu.com/usn/usn-3175-1 https://launchpad.net/bugs/1659922
Package Information: https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.10.2 https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.12.04.2
--tUjMdXffPTCUWnGBQ1EEj5poM5JJOhStg--
--6Lwm1vEhBWxAjSE55OwXOSJ1RR21kWPNo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCAAGBQJYmQb5AAoJEGEfvezVlG4Ppp8H/AiVdF0enq4dYz4yU3tZjNoK ans3xTtT0xpz3RrcefPxMTEklWPAZYirjTO/0c2yv56mYymU8CVmM5RhpWtwhzaa E995JKZzouuyviQUtVHEsPaUpHP5M7gL+xI6ZeUB74+UJrREUu85dhvUcuYfOmmn zTAolTUAQ0kimmwOJKp7TbmThr3TEDpgZD/cw9QVBFNXzyyq3DOS3LQDDhUOuiOm D9VQQCh9Dgn1OQ8B19lrqkydVlTjdrXpQgj1dTsFbRKd8ftqLF0Cei3aPZ6biu7s Nw/swFZzhs2Qb2JgJC6THbrL3t2pwngP4YChaKZuCA+qggMIfN8D+a1Y8DGgmPo= =xgd0 -----END PGP SIGNATURE-----
--6Lwm1vEhBWxAjSE55OwXOSJ1RR21kWPNo--
--===============8306675948946865535== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8306675948946865535==--
|