The update fixes regressions in Firefox causing search engine settings loss and location bar breaking after typing an invalid URL. It also addresses buffer overflow, memory safety issues, file overwriting, path disclosure, and memory resource exhaustion vulnerabilities
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Ubuntu: Security Advisory (USN-2917-3) | 20 Apr 201600:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-16) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-18) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-19) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-17) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-21) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-20) - Linux | 8 Nov 202100:00 | – | openvas |
![]() | Oracle: Security Advisory (ELSA-2016-0371) | 11 Mar 201600:00 | – | openvas |
![]() | CentOS Update for nss CESA-2016:0371 centos5 | 10 Mar 201600:00 | – | openvas |
![]() | Mozilla Firefox Security Advisory (MFSA2016-35) - Linux | 8 Nov 202100:00 | – | openvas |
Source | Link |
---|---|
ubuntu | www.ubuntu.com/security/notices/USN-2917-2 |
launchpad | www.launchpad.net/bugs/1567671 |
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.842714");
script_cve_id("CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1953", "CVE-2016-1954", "CVE-2016-1955", "CVE-2016-1956", "CVE-2016-1957", "CVE-2016-1958");
script_tag(name:"creation_date", value:"2016-04-08 03:00:50 +0000 (Fri, 08 Apr 2016)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-03-16 14:43:33 +0000 (Wed, 16 Mar 2016)");
script_name("Ubuntu: Security Advisory (USN-2917-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(12\.04\ LTS|14\.04\ LTS|15\.10)");
script_xref(name:"Advisory-ID", value:"USN-2917-2");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-2917-2");
script_xref(name:"URL", value:"https://launchpad.net/bugs/1567671");
script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox' package(s) announced via the USN-2917-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1952,
CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked in to opening a specially
crafted website with addon signing disabled and unpacked addons installed,
an attacker could potentially exploit this to gain additional privileges.
(CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could potentially
exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
a user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'firefox' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.12.04.2", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU14.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.14.04.2", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU15.10") {
if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.15.10.2", rls:"UBUNTU15.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo