Lucene search

K
archlinuxArch LinuxASA-201606-7
HistoryJun 08, 2016 - 12:00 a.m.

firefox: multiple issues

2016-06-0800:00:00
Arch Linux
lists.archlinux.org
20

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.597 Medium

EPSS

Percentile

97.4%

  • CVE-2016-2815 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

  • CVE-2016-2818 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

  • CVE-2016-2819 (arbitrary code execution)

Security researcher firehack reported a buffer overflow when parsing
HTML5 fragments in a foreign context such as under an <svg> node. This
results in a potentially exploitable crash when inserting an HTML
fragment into an existing document.

  • CVE-2016-2821 (arbitrary code execution)

Security researcher firehack used the Address Sanitizer tool to
discover a use-after-free in contenteditable mode. This occurs when
deleting document object model (DOM) table elements created within the
editor and results in a potentially exploitable crash.

  • CVE-2016-2822 (addressbar spoofing)

Security researcher Jordi Chancel reported a method to spoof the
contents of the addressbar. This uses a persistent menu within a
<select> element, which acts as a container for HTML content and can be
placed in an arbitrary location. When placed over the addressbar, this
can mask the true site URL, allowing for spoofing by a malicious site.

  • CVE-2016-2825 (same-origin policy bypass)

Security researcher Armin Razmdjou reported that the location.host
property can be set to an arbitrary string after creating an invalid
data: URI. This allows for a bypass of some same-origin policy
protections. This issue is mitigated by the data: URI in use and any
same-origin checks for http: or https: are still enforced correctly. As
a result cookie stealing and other common same-origin bypass attacks
are not possible.

  • CVE-2016-2828 (arbitrary code execution)

Mozilla community member jomo reported a use-after-free crash when
processing WebGL content. This issue was caused by the use of a texture
after its recycle pool has been destroyed during WebGL operations,
which frees the memory associated with the texture. This results in a
potentially exploitable crash when the texture is later called.

  • CVE-2016-2829 (visual user confusion)

Security researcher Tim McCormack reported that when a page requests a
series of permissions in a short timespan, the resulting permission
notifications can show the icon for the wrong permission request. This
can lead to user confusion and inadvertent consent given when a user is
prompted by web content to give permissions, such as for geolocation or
microphone access.

  • CVE-2016-2831 (clickjacking)

Security researcher sushi Anton Larsson reported that when paired
fullscreen and pointerlock requests are done in combination with
closing windows, a pointerlock can be created within a fullscreen
window without user permission. This pointerlock cannot then be
cancelled without terminating the browser, resulting in a persistent
denial of service attack. This can also be used for spoofing and
clickjacking attacks against the browser UI.

  • CVE-2016-2832 (information leakage)

Mozilla developer John Schoenick reported that CSS pseudo-classes can
be used by web content to leak information on plugins that are
installed but disabled. This can be used for information disclosure
through a fingerprinting attack that lists all of the plugins installed
by a user on a system, even when they are disabled.

  • CVE-2016-2833 (cross-site scripting)

Mozilla engineer Matt Wobensmith reported that Content Security Policy
(CSP) does not block the loading of cross-domain Java applets when
specified by policy. This is because the Java applet is loaded by the
Java plugin, which then mediates all network requests without checking
against CSP. This could allow a malicious site to manipulate content
through a Java applet to bypass CSP protections, allowing for possible
cross-site scripting (XSS) attacks.

OSVersionArchitecturePackageVersionFilename
anyanyanyfirefox< 47.0-1UNKNOWN

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.597 Medium

EPSS

Percentile

97.4%