Lucene search

K

Ubuntu: Security Advisory (USN-2917-2)

🗓️ 08 Apr 2016 00:00:00Reported by Copyright (C) 2016 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 15 Views

The update fixes regressions in Firefox causing search engine settings loss and location bar breaking after typing an invalid URL. It also addresses buffer overflow, memory safety issues, file overwriting, path disclosure, and memory resource exhaustion vulnerabilities

Show more
Related
Refs
Code
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.842714");
  script_cve_id("CVE-2016-1950", "CVE-2016-1952", "CVE-2016-1953", "CVE-2016-1954", "CVE-2016-1955", "CVE-2016-1956", "CVE-2016-1957", "CVE-2016-1958");
  script_tag(name:"creation_date", value:"2016-04-08 03:00:50 +0000 (Fri, 08 Apr 2016)");
  script_version("2024-02-02T05:06:05+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-03-16 14:43:33 +0000 (Wed, 16 Mar 2016)");

  script_name("Ubuntu: Security Advisory (USN-2917-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(12\.04\ LTS|14\.04\ LTS|15\.10)");

  script_xref(name:"Advisory-ID", value:"USN-2917-2");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-2917-2");
  script_xref(name:"URL", value:"https://launchpad.net/bugs/1567671");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox' package(s) announced via the USN-2917-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
 If a user were tricked in to opening a specially crafted website, an
 attacker could potentially exploit this to cause a denial of service via
 application crash, or execute arbitrary code with the privileges of the
 user invoking Firefox. (CVE-2016-1950)

 Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
 Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
 Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple
 memory safety issues in Firefox. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit these to
 cause a denial of service via application crash, or execute arbitrary code
 with the privileges of the user invoking Firefox. (CVE-2016-1952,
 CVE-2016-1953)

 Nicolas Golubovic discovered that CSP violation reports can be used to
 overwrite local files. If a user were tricked in to opening a specially
 crafted website with addon signing disabled and unpacked addons installed,
 an attacker could potentially exploit this to gain additional privileges.
 (CVE-2016-1954)

 Muneaki Nishimura discovered that CSP violation reports contained full
 paths for cross-origin iframe navigations. An attacker could potentially
 exploit this to steal confidential data. (CVE-2016-1955)

 Ucha Gobejishvili discovered that performing certain WebGL operations
 resulted in memory resource exhaustion with some Intel GPUs, requiring
 a reboot. If a user were tricked in to opening a specially crafted
 website, an attacker could potentially exploit this to cause a denial
 of service. (CVE-2016-1956)

 Jose Martinez and Romina Santillan discovered a memory leak in
 libstagefright during MPEG4 video file processing in some circumstances.
 If a user were tricked in to opening a specially crafted website, an
 attacker could potentially exploit this to cause a denial of service via
 memory exhaustion. (CVE-2016-1957)

 Abdulrahman Alqabandi discovered that the addressbar could be blank or
 filled with page defined content in some circumstances. If a user were
 tricked in to opening a specially crafted website, an attacker could
 potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

 Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
 a user were tricked in to opening a specially crafted website, an attacker
 could potentially exploit this to cause a denial of service via
 application crash, or execute arbitrary code with the privileges ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'firefox' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU12.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.12.04.2", rls:"UBUNTU12.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU14.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.14.04.2", rls:"UBUNTU14.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU15.10") {

  if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"45.0.1+build1-0ubuntu0.15.10.2", rls:"UBUNTU15.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Apr 2016 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS27.1
CVSS36.5
EPSS0.027
15
.json
Report