This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5767291864716863439==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="MpaP6pQ6CnTXddNWajbJJbSljbmHNtpbv"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--MpaP6pQ6CnTXddNWajbJJbSljbmHNtpbv
Content-Type: multipart/mixed; boundary="XujvAIX6ErbqwXtGgTqj34h9kJDcJB8kl"
From: Chris Coulson
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <2b66d8f7-2d2c-7857-ef48-0dfc1d70563b@canonical.com>
Subject: [USN-3175-1] Firefox vulnerabilities
--XujvAIX6ErbqwXtGgTqj34h9kJDcJB8kl
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
==========================================================================
Ubuntu Security Notice USN-3175-1
January 27, 2017
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)
Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5376)
Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5377)
Jann Horn discovered that an object's address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5378)
A use-after-free was discovered in Web Animations in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5379)
A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5380)
Jann Horn discovered that the "export" function in the Certificate Viewer
can force local filesystem navigation when the Common Name contains
slashes. If a user were tricked in to exporting a specially crafted
certificate, an attacker could potentially exploit this to save content
with arbitrary filenames in unsafe locations. (CVE-2017-5381)
Jerri Rice discovered that the Feed preview for RSS feeds can be used to
capture errors and exceptions generated by privileged content. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5382)
Armin Razmjou discovered that certain unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof the
URL bar contents. (CVE-2017-5383)
Paul Stone and Alex Chapman discovered that the full URL path is exposed
to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
user has enabled Web Proxy Auto Detect (WPAD), an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5384)
Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5385)
Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked in to
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)
Mustafa Hasan discovered that the existence of local files can be
determined using the
|