Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary

Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2015-4495, CVE-2015-0797, and others).

Vulnerability Details

CVEID: CVE-2015-0797**
DESCRIPTION:** Mozilla Firefox and Thunderbird are vulnerable to a buffer overflow, caused by improper bounds checking by GStreamer. By persuading a victim to open a specially crafted H.264 video file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-4473**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105486 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4474**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105488 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4475**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read during playback of a malformed MP3 format audio file. By persuading a victim to specially crafted MP3 audio file, a remote attacker could exploit this vulnerability to read portions of system memory.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105491 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-4477**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error when processing audio. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using the Web Audio API during MediaStream playback to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4490**
DESCRIPTION:** Mozilla Firefox is vulnerable to cross-site scripting, caused by an error when processing of wildcard characters in the Content Security Policy in ‘blob:’, ‘data:’, and ‘filesystem:’ URLs. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105522 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2015-4478**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the redefinition of non-configurable properties on JavaScript objects when parsing JSON. An attacker could exploit this vulnerability to bypass same-origin policy restrictions and gain access to the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-4479**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the libstagefright library when processing MPEG4 video files. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105573 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4480**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the libstagefright library when processing MPEG4 video files. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4481**
DESCRIPTION:** Mozilla Firefox could allow a local attacker to gain elevated privileges on the system, caused by a hardlink race condition in the Mozilla Maintenance Service on Windows. By writing its log file to a restricted location with an arbitrary file name, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105572 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4482**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error when opening a malicious file. By persuading a victim to open a specially-crafted MAR file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105569 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4483**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By modifying a feed: protocol URL, an attacker could exploit this vulnerability using man-in-the-middle techniques to disable the mixed content blocker for that page and allow insecure content.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105568 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-4484**
DESCRIPTION:** Mozilla Firefox is vulnerable to a denial of service, caused by the failure to properly gate access to Atomics or SharedArrayBuffer views. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105545 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-4485**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by resize_context_buffers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4486**
DESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by an out of bounds read in decrease_ref_count. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4487**
DESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking by nsTSubstring::ReplacePrep. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105523 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4488**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within StyleAnimationValue::operator. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105524 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4489**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within nsTArray_Impl. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105525 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4491**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking bygdk-pixbuf affecting Linux systems using Gnome. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105544 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4492**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in XMLHttpRequest::Open() in a SharedWorker. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105521 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-4493**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing an MPEG4 video with an invalid size in an ESDS chunk. By persuading a victim to open a specially-crafted MPEG4 file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105575 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

Workarounds and Mitigations

None