Vulnerability category: Ubuntu
Vulnerability severity:
Vulnerability information
Multiple memory safety issues in Firefox.
A same-origin policy bypass was discovered with local HTML files in some circumstances.
A crash was discovered when parsing URLs in some circumstances.
A heap buffer-overflow was discovered in Cairo when processing SVG content.
An error was discovered in argument length checking in JavaScript.
An integer overflow was discovered in the Expat library.
It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated.
A buffer overflow was discovered in nsScriptLoadHandler.
Two use-after-free bugs were discovered during DOM operations in some circumstances.
A heap use-after-free was discovered during web animations in some circumstances.
It was discovered that a page loaded into the sidebar through a bookmark could reference a privileged chrome window.
An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection.
An issue was discovered with the windows.create() WebExtensions API.
It was discovered that WebExtensions can use the mozAddonManager API.
It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled.
It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images.
Vulnerability impact
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)
An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)
An attacker that could perform a man-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068)
An attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-9070)
An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)
If a user were tricked into installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)
An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)
An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076)
An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077)
Solution
Refer to Ubuntu advisory USN-3124-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3124-1: 14.04 (Kylin) on src (firefox)
USN-3124-1: 16.10 (Yakkety) on src (firefox)