Vulnerability Information
An out-of-bounds read during XML parsing in some circumstances.
It was discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed.
Multiple memory safety issues in Firefox.
A buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback.
A buffer overflow when rendering SVG content in some circumstances.
A crash in Cairo with version 0.10 of FFmpeg.
It was discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API.
An issue with non-ASCII and emoji characters in data: URLs.
A stack buffer underflow during 2D graphics rendering in some circumstances.
A use-after-free when the alt key is used with top-level menus.
A crash during garbage collection.
A use-after-free in WebRTC.
A use-after-free when working with nested sync events in service workers.
It was discovered that plain-text passwords can be stored in session restore if an input field type is changed from "password" to "text" during a session, leading to information disclosure.
An integer overflow in WebSockets during data buffering in some circumstances.
It was discovered that JavaScript event handlers on a <marquee> element can execute in a sandboxed iframe without the allow-scripts flag set.
A type confusion bug was discovered in display transformation during rendering.
A use-after-free was discovered when applying effects to SVG elements in some circumstances.
A same-origin policy violation relating to local HTML files and saved shortcut files.
An information disclosure issue related to drag and drop was discovered.
A text injection issue was discovered with about: URLs.
Vulnerability Impact
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718)
A remote attacker could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2838)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-2839)
An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250)
An attacker could potentially exploit this to spoof the address bar contents. (CVE-2016-5251)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5252)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5254)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5255)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5258)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5261)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5263)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5264)
An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265)
An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266)
An attacker could potentially exploit this to spoof internal error pages. (CVE-2016-5268)
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259)
An attacker could exploit this vulnerability to obtain sensitive information. (CVE-2016-5260)
Solution
Refer to Ubuntu advisory USN-3044-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3044-1: 12.04 (Precise) on src (firefox)