Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

USN-2602-1: Firefox vulnerabilities

13 May 2015

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • firefox - Mozilla Open Source web browser

Details

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong,
Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-2708, CVE-2015-2709)

Atte Kettunen discovered a buffer overflow during the rendering of SVG
content with certain CSS properties in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-2710)

Alex Verstak discovered that is ignored in some
circumstances. (CVE-2015-2711)

Dougall Johnson discovered an out of bounds read and write in asm.js. If
a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to obtain sensitive information,
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-2712)

Scott Bell discovered a use-afer-free during the processing of text when
vertical text is enabled. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-2713)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during
shutdown. An attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-2715)

Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML
content. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-2716)

A buffer overflow and out-of-bounds read were discovered when parsing
metadata in MP4 files in some circumstances. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-2717)

Mark Hammond discovered that when a trusted page is hosted within an
iframe in an untrusted page, the untrusted page can intercept webchannel
responses meant for the trusted page in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
exploit this to bypass origin restrictions. (CVE-2015-2718)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart Firefox to make
all the necessary changes.

Related notices

  • USN-2603-1: thunderbird-locale-bn-bd, thunderbird-locale-sv-se, thunderbird-locale-sk, thunderbird-locale-gl, thunderbird-locale-nn-no, thunderbird-locale-id, thunderbird-locale-eu, thunderbird-gnome-support, thunderbird-locale-de, thunderbird-globalmenu, thunderbird-locale-ro, thunderbird-locale-tr, thunderbird-locale-el, thunderbird-locale-ga-ie, thunderbird-locale-ast, thunderbird-locale-zh-hans, thunderbird-locale-nb-no, thunderbird-locale-ta, thunderbird-locale-ar, thunderbird-locale-ga, thunderbird-locale-pt-br, thunderbird-locale-sl, thunderbird-locale-et, thunderbird-locale-gd, thunderbird-locale-ko, thunderbird-locale-zh-tw, thunderbird-locale-vi, thunderbird-locale-bg, thunderbird-locale-nl, thunderbird-locale-it, xul-ext-gdata-provider, thunderbird-locale-en-gb, thunderbird-locale-hu, thunderbird-locale-en, thunderbird-locale-bn, thunderbird-locale-ta-lk, thunderbird-locale-ru, xul-ext-lightning, thunderbird, thunderbird-locale-pt-pt, thunderbird-locale-es-es, thunderbird-locale-pl, thunderbird-locale-zh-cn, thunderbird-locale-si, thunderbird-locale-ca, xul-ext-calendar-timezones, thunderbird-locale-da, thunderbird-locale-fy, thunderbird-locale-en-us, thunderbird-locale-he, thunderbird-locale-sq, thunderbird-locale-lt, thunderbird-locale-sr, thunderbird-locale-ka, thunderbird-locale-sv, thunderbird-locale-ja, thunderbird-locale-cs, thunderbird-locale-is, thunderbird-locale-uk, thunderbird-locale-es-ar, thunderbird-locale-rm, thunderbird-dev, thunderbird-locale-br, thunderbird-locale-nb, thunderbird-locale-be, thunderbird-locale-pa-in, thunderbird-locale-zh-hant, thunderbird-locale-mk, thunderbird-locale-fy-nl, thunderbird-locale-af, thunderbird-locale-fr, thunderbird-locale-es, thunderbird-mozsymbols, thunderbird-locale-pt, thunderbird-locale-hy, thunderbird-locale-fi, thunderbird-locale-hr, thunderbird-locale-pa, thunderbird-locale-nn, thunderbird-testsuite