
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS (CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1587, CVE-2014-1588, and 11 more)

2018-06-18 00:09:21
www.ibm.com

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.3.0.0 to 1.5.1.0 of SONAS.

Vulnerability Details

IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service.

CVEID: CVE-2014-1574
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97001> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1576
DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nsTransformedTextRun() function when making capitalization style changes during CSS parsing. By using unknown attack vectors, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97003> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1577
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in mozilla::dom::OscillatorNodeEngine::ComputeCustom() in Web Audio when interacting with custom waveforms with invalid values. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97004> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1578
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by an out-of-bounds write error in get_tile() when buffering WebM format video containing frames with invalid tile sizes. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97005> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-1581
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free during text layout. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97011> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1583
DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass cross-domain security restrictions. By invoking the AlarmAPI, an attacker could bypass same-origin policy restrictions to read the values of cross-origin references in the alarm’s JSON data.
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97012> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:P/A:N)

CVEID: CVE-2014-1587
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99059> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1588
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.300
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99060> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1590
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by an error when passing a JavaScript object to XMLHttpRequest. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99062> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-1592
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free while parsing HTML5 written to a document. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99064> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-1593
DESCRIPTION: Mozilla Firefox is vulnerable to a buffer overflow, caused by improper bounds checking when parsing media content. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99065> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-8634
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99955> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-8638
DESCRIPTION: Mozilla Firefox is vulnerable to cross-site request forgery, caused by the failure to follow the cross-origin resource sharing (CORS) specification by the navigator.sendBeacon() function. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99958> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-8639
DESCRIPTION: Mozilla Firefox could allow a remote attacker to hijack a valid user’s session, caused by the returning of a 407 Proxy Authentication response with a Set-Cookie header by a Web Proxy. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to inject cookies into the originally requested domain and hijack another user’s account.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99959> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-8641
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a read-after-free in WebRTC. An attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99961> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-0822
DESCRIPTION: Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an error in the form autocomplete function. By manipulating the autocomplete feature, an attacker could exploit this vulnerability to upload a local file to a known location and obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/101104> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-0827
DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mozilla::gfx::CopyRect() function when rendering the SVG content. A remote attacker could overflow a buffer and probably read the uninitialized memory.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/101080> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-0831
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in IndexedDB. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/101083> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-0836
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/101093> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM SONAS

All products are affected when running code releases 1.3, 1.4 and 1.5, except for version 1.5.2.0 and above.

Remediation/Fixes

A fix for these issues is in version 1.5.2.0 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.0 or a later version, so that the fix gets applied.

Please contact IBM support for assistance in upgrading your system.

Workarounds and Mitigations

Workaround(s):
Normal operation of IBM SONAS does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM SONAS system to access the Internet.
