Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-2550-1: Firefox vulnerabilities

1 April 2015

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • firefox - Mozilla Open Source web browser

Details

Olli Pettay and Boris Zbarsky discovered an issue during anchor
navigations in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this
to bypass same-origin policy restrictions. (CVE-2015-0801)

Bobby Holley discovered that windows created to hold privileged UI content
retained access to privileged internal methods if navigated to
unprivileged content. An attacker could potentially exploit this in
combination with another flaw, in order to execute arbitrary script in a
privileged context. (CVE-2015-0802)

Several type confusion issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0803, CVE-2015-0804)

Abhishek Arya discovered memory corruption issues during 2D graphics
rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)

Christoph Kerschbaumer discovered that CORS requests from
navigator.sendBeacon() followed 30x redirections after preflight. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site request forgery
(XSRF) attacks. (CVE-2015-0807)

Mitchell Harper discovered an issue with memory management of simple-type
arrays in WebRTC. An attacker could potentially exploit this to cause
undefined behaviour. (CVE-2015-0808)

Felix Gröbert discovered an out-of-bounds read in the QCMS colour
management library. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-0811)

Armin Razmdjou discovered that lightweight themes could be installed
in Firefox without a user approval message, from Mozilla subdomains
over HTTP without SSL. A remote attacker could potentially exploit this by
conducting a Machine-In-The-Middle (MITM) attack to install themes without
user approval. (CVE-2015-0812)

Aki Helin discovered a use-after-free when playing MP3 audio files using
the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-0813)

Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell
Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-0814, CVE-2015-0815)

Mariusz Mlynski discovered that documents loaded via resource: URLs (such
as PDF.js) could load privileged chrome pages. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this in combination with another flaw, in order to execute
arbitrary script in a privileged context. (CVE-2015-0816)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart Firefox to make
all the necessary changes.

Related notices

  • USN-2552-1: thunderbird-locale-it, thunderbird-locale-nl, thunderbird-locale-tr, thunderbird-locale-bn, thunderbird-locale-zh-tw, thunderbird-locale-pl, thunderbird-locale-pt-pt, thunderbird-locale-id, thunderbird-locale-et, thunderbird-locale-bn-bd, thunderbird-locale-sq, thunderbird-locale-es, thunderbird-locale-ga, thunderbird-testsuite, thunderbird-locale-ca, thunderbird-locale-de, thunderbird-locale-ar, xul-ext-gdata-provider, thunderbird-locale-si, thunderbird-locale-fr, thunderbird-locale-pa, thunderbird-globalmenu, thunderbird-locale-en-gb, thunderbird-gnome-support, thunderbird-locale-fi, thunderbird-locale-pa-in, thunderbird-locale-fy, thunderbird-locale-hu, thunderbird-locale-gl, thunderbird-locale-ta-lk, thunderbird-locale-ga-ie, thunderbird-locale-hy, thunderbird-locale-el, thunderbird-locale-mk, thunderbird-locale-ru, thunderbird-locale-uk, thunderbird-locale-ta, thunderbird-locale-nb-no, thunderbird-locale-fy-nl, thunderbird-locale-nb, thunderbird-locale-zh-hant, thunderbird-locale-zh-hans, thunderbird-locale-sk, thunderbird-locale-pt-br, thunderbird-locale-sl, xul-ext-lightning, thunderbird-locale-nn-no, thunderbird-locale-en, thunderbird-locale-ja, thunderbird-locale-sv, thunderbird-mozsymbols, xul-ext-calendar-timezones, thunderbird-locale-es-ar, thunderbird-locale-gd, thunderbird-locale-pt, thunderbird-locale-en-us, thunderbird-locale-eu, thunderbird-locale-nn, thunderbird-locale-sr, thunderbird-locale-sv-se, thunderbird-locale-ast, thunderbird-locale-hr, thunderbird-locale-es-es, thunderbird-locale-lt, thunderbird-locale-br, thunderbird-locale-zh-cn, thunderbird-locale-ro, thunderbird-locale-af, thunderbird-dev, thunderbird-locale-be, thunderbird-locale-bg, thunderbird-locale-ka, thunderbird-locale-he, thunderbird-locale-ko, thunderbird-locale-rm, thunderbird-locale-vi, thunderbird-locale-cs, thunderbird-locale-da, thunderbird, thunderbird-locale-is