Vulnerability category: Local
Vulnerability severity:
Vulnerability information
Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.
Multiple vulnerabilities were reported in Mozilla Firefox. A heap overflow may occur in Cairo in the processing of SVG content [CVE-2016-5296].
A URL parsing error may occur [CVE-2016-5292].
An argument length checking error may occur in JavaScript [CVE-2016-5297].
A buffer overflow may occur in nsScriptLoadHandler() [CVE-2016-9066].
A use-after-free memory error may occur in nsINode::ReplaceOrInsertBefore() [CVE-2016-9067].
A use-after-free memory error may occur in nsRefreshDriver() during web animations [CVE-2016-9068].
An integer overflow may occur in XML_Parse in the Expat library [CVE-2016-9063].
Other memory errors may occur [CVE-2016-5289, CVE-2016-5290].
A remote user can conduct a man-in-the-middle attack between the target user and the add-on update server to bypass certificate pinning protection and supply a specially crafted signed add-on [CVE-2016-9064].
On 64-bit Windows-based systems, the sandbox for 64-bit NPAPI plugins is not enabled by default when a new Firefox profile is created [CVE-2016-9072].
An extension can invoke the mozAddonManager API to gain elevated privileges [CVE-2016-9075].
A remote user can invoke a Canvas filter to conduct cross-origin timing attacks when images are loaded from third party locations [CVE-2016-9077].
A local user can bypass same-origin policy via local shortcut files to load arbitrary local content from disk [CVE-2016-5291].
A remote user can cause the Mozilla Maintenance Service to invoke the Mozilla Updater and run local files to potentially gain elevated privileges [CVE-2016-5295]. Windows-based systems are affected.
A remote user can cause the SSL indicator to not be properly reset when loading a new page [CVE-2016-5298]. Android-based systems are affected.
On Android-based systems, an application on the system can intercept AuthTokens for applications with the same signature-level permissions as Firefox [CVE-2016-5299].
On Android-based systems, an application on the system that defines a specific signature-level permission used by Firefox can access Firefox API keys [CVE-2016-9061].
The browser retains some site metadata in 'browser.db' and 'browser.db-wal' after exiting private browsing mode [CVE-2016-9062]. Android-based systems are affected.
A web site loaded to the sidebar via a bookmark can reference a privileged chrome window and execute certain JavaScript operations to bypass cross-origin protections [CVE-2016-9070].
An extension can exploit a flaw in the windows.create schema and bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox [CVE-2016-9073].
A user can exploit a weak mitigation in Network Security Services (NSS) for timing side-channel attacks with unspecified impact [CVE-2016-9074].
A remote user can exploit a flaw in the processing of Content Security Policy when redirecting from HTTP to HTTPS to determine if a specified web site is within the target user's browser history [CVE-2016-9071].
A local user can hardlink the Mozilla Updater log file in the working directory to another file on the target system to append data to the target file [CVE-2016-5293]. Windows-based systems are affected.
A local user can specify an arbitrary target working directory for the Mozilla Updater to write files to that directory [CVE-2016-5294]. Windows-based systems are affected.
A remote user can spoof the location bar via fullscreen mode [CVE-2016-9065]. Android-based systems are affected.
A remote user can use a 'select' drop down menu to spoof location bar content [CVE-2016-9076]. Systems with e10s enabled are affected.
Affected Versions:
Firefox prior to 50.0
Firefox ESR prior to 45.5
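The two thresholds above can be used to triage a software inventory. The following is an added example, not part of the original advisory: the host names and version strings are constructed, and it assumes ESR builds are reported with an `esr` suffix on the version string.

```python
import re

# Fixed versions taken from the advisory's "Affected Versions" list.
FIXED = {"release": (50, 0), "esr": (45, 5)}

# Plain dotted version with an optional "esr" suffix (assumed reporting format).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$")

def parse_version(text):
    """Return (channel, numeric tuple), or None for anything else (betas, junk)."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        return None
    channel = "esr" if m.group(2) else "release"
    return channel, tuple(int(p) for p in m.group(1).split("."))

def _pad(numbers, width):
    # Pad with zeros so that 50 and 50.0 compare as equal.
    return numbers + (0,) * (width - len(numbers))

def is_affected(text):
    """True/False for a parsable version, None when it needs manual review."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    channel, numbers = parsed
    fixed = FIXED[channel]
    width = max(len(numbers), len(fixed))
    return _pad(numbers, width) < _pad(fixed, width)

def triage(inventory):
    """Sort (host, version) pairs into affected / fixed / review buckets."""
    result = {"affected": [], "fixed": [], "review": []}
    for host, version in inventory:
        verdict = is_affected(version)
        key = "review" if verdict is None else ("affected" if verdict else "fixed")
        result[key].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ws-01", "49.0.2"), ("ws-02", "50.0"), ("ws-03", "45.4.0esr"),
    ("ws-04", "45.5.0esr"), ("ws-05", "50.0b11"), ("ws-06", "50"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Version strings that do not match the plain or `esr` form, such as pre-release builds, land in the review bucket rather than being guessed at.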
Impact
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A local user can obtain data on the target system.
A local user can modify files on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
Solution
The vendor has released advisories and updates to fix these vulnerabilities. Refer to Mozilla Security Advisories for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: