USN-3124-1
Vulnerability Summary
Timeline
Description
firefox vulnerabilities Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in Javascript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) An integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063) It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a machine-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) 2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069) A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068) It was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-9070) An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071) An issue was discovered with the windows.create() WebExtensions API. If a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073) It was discovered that WebExtensions can use the mozAddonManager API. An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075) It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076) It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077)
Affected Systems
- ubuntu•firefox
< 50.0+build2-0ubuntu0.14.04.2 | < 50.0+build2-0ubuntu0.16.04.2
References (19)
- https://ubuntu.com/security/notices/USN-3124-1
- https://ubuntu.com/security/CVE-2016-5289
- https://ubuntu.com/security/CVE-2016-5290
- https://ubuntu.com/security/CVE-2016-5291
- https://ubuntu.com/security/CVE-2016-5292
- https://ubuntu.com/security/CVE-2016-5296
- https://ubuntu.com/security/CVE-2016-5297
- https://ubuntu.com/security/CVE-2016-9063
- https://ubuntu.com/security/CVE-2016-9064
- https://ubuntu.com/security/CVE-2016-9066
- https://ubuntu.com/security/CVE-2016-9067
- https://ubuntu.com/security/CVE-2016-9068
- https://ubuntu.com/security/CVE-2016-9069
- https://ubuntu.com/security/CVE-2016-9070
- https://ubuntu.com/security/CVE-2016-9071
- https://ubuntu.com/security/CVE-2016-9073
- https://ubuntu.com/security/CVE-2016-9075
- https://ubuntu.com/security/CVE-2016-9076
- https://ubuntu.com/security/CVE-2016-9077