Firefox vulnerabilities

2013-12-11T00:00:00
ID USN-2052-1
Type ubuntu
Reporter Ubuntu
Modified 2013-12-11T00:00:00

Description

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5609, CVE-2013-5610)

Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2013-5611)

Masato Kinugawa discovered that pages with missing character set encoding information can inherit character encodings across navigations from another domain. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2013-5612)

Daniel Veditz discovered that a sandboxed iframe could use an object element to bypass its own restrictions. (CVE-2013-5614)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5616)

A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5618)

Dan Gohman discovered that binary search algorithms in Spidermonkey used arithmetic prone to overflow in several places. However, this is issue not believed to be exploitable. (CVE-2013-5619)

Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-6671)

Vincent Lefevre discovered that web content could access clipboard data under certain circumstances, resulting in information disclosure. (CVE-2013-6672)

Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673)

Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-5613)

Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. An attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615)

Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630)