Mozilla Firefox Multiple Vulnerabilities

Last Update Date: 27 Feb 2015 Release Date: 25 Feb 2015

RISK: Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Mozilla Firefox. Remote attackers could exploit them to execute arbitrary code, cause denial of service, bypass security restrictions and disclose potentially sensitive information.

  • A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system.
  • When a local user runs the Mozilla updater (updater.exe) directly, the updater loads DLL files (bcrypt.dll and others) from the current working directory or from Windows temporary directories. A local user can create a specially crafted DLL and cause the DLL to be executed by the target user. 
  • A remote user with a digital certificate for a domain name with an appended period character can conduct a man-in-the-middle attack to bypass key pinning (HPKP) and HTTP Strict Transport Security (HSTS).
  • A remote user can create specially crafted WebGL content that, when loaded by the target user, will cause the target user's browser to crash.
  • A remote user can create a 'turns:' or 'stuns:' URI that, when loaded by the target user, will use plaintext connections to the target server.
  • A remote user can create specially crafted content with IndexedDB that, when loaded by the target user, will trigger a use-after-free memory error in mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex() and crash or execute arbitrary code.
  • A remote user can create a specially crafted MP4 video file that, when loaded by the target user, will trigger a buffer overflow in the libstagefright library and potentially execute arbitrary code.
  • A remote user can cause the target user's browser to send a zero-length XMLHttpRequest (XHR) to trigger a memory allocation error and potentially execute arbitrary code. Firefox builds created by Mozilla are not affected. Systems built using other memory allocators that follow older pre-standard behaviors may be affected.
  • A remote user can create a specially crafted SVG graphic that, when loaded by the target user, will trigger a memory error in mozilla::gfx::CopyRect() and read uninitialized memory when rendered.
  • A remote user can create specially crafted CSS that, when restyled or reflowed, will trigger a heap overflow in nsTransformedTextRun::SetCapitalization() and potentially execute arbitrary code.
  • A remote user can create a specially crafted MP3 audio file that, when loaded by the target user, will trigger a memory allocation error in mozilla::MP3FrameParser::ParseBuffer() and obtain potentially sensitive information from browser memory.
  • A remote user can trigger a segmentation fault in mozilla::layers::BufferTextureClient::AllocateForSurface() when drawing images via the Cairo graphics library DrawTarget function.
  • A remote user can trigger a use-after-free memory error in the Developer Console when expanding macros with the OpenType Sanitiser (OTS) to obtain potentially sensitive information from the Developer Console.
  • A remote user can manipulate the form autocomplete function to cause a local file in a known location to be uploaded.
  • A local user can open a link on a page using the mouse and specific keyboard key combinations to open a chrome-privileged URL without context restrictions being preserved. This can be exploited to bypass security restrictions and open local files or resources.
  • A whitelisted Mozilla domain can invoke UI Tour API calls when the UI Tour pages for Firefox are present in background tabs. This can be exploited by a background tab to conduct spoofing and clickjacking of a foreground tab.
  • A remote user can create web content that can exploit a flaw in the Caja Compiler or other similar sandboxing libraries to make extensible some JavaScript objects marked as non-extensible.
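
The HSTS/HPKP item above turns on a hostname with an appended period. As an added illustration (not Firefox code and not part of the original advisory), the JavaScript below models a policy store keyed by hostname and shows why names must be canonicalized before any HSTS or pinning decision; the store layout, function names, sample hosts and placeholder pin are assumptions made for the example.

```javascript
// Added illustration: a simplified model, not Firefox code.
// Policy store keyed by hostname, as an HSTS/HPKP cache might be.
// Hostnames and the pin value are constructed sample data.
const policies = new Map([
  ["accounts.example.test",
    { hsts: true, includeSubDomains: false, pins: ["sha256/PLACEHOLDER_PIN="] }],
  ["example.org", { hsts: true, includeSubDomains: true, pins: [] }],
]);

// Naive lookup: uses the host string exactly as it appeared in the URL,
// so "accounts.example.test." (trailing dot) misses the stored policy.
function naiveLookup(host) {
  return policies.get(host) || null;
}

// Canonicalize before any policy decision: lowercase the name and drop
// the single trailing dot that denotes the DNS root.
function canonicalHost(host) {
  let h = host.toLowerCase();
  if (h.endsWith(".")) h = h.slice(0, -1);
  // Empty labels ("a..b", or a second trailing dot) are not valid names.
  if (h === "" || h.split(".").some((label) => label === "")) {
    throw new Error("invalid hostname: " + JSON.stringify(host));
  }
  return h;
}

// Hardened lookup: exact match on the canonical name, then walk parent
// domains (stopping before the TLD) and accept only includeSubDomains entries.
function policyFor(host) {
  const h = canonicalHost(host);
  const exact = policies.get(h);
  if (exact) return exact;
  const labels = h.split(".");
  for (let i = 1; i < labels.length - 1; i++) {
    const parent = policies.get(labels.slice(i).join("."));
    if (parent && parent.includeSubDomains) return parent;
  }
  return null;
}

// Decide whether a plain-http navigation to this host must be upgraded.
function mustUpgrade(host) {
  const p = policyFor(host);
  return p !== null && p.hsts;
}
```

The same canonical form has to be used when a policy is stored, when it is looked up, and when the certificate name is matched, otherwise the dotted and undotted spellings are treated as different sites.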

Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to 36.0

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 36.0

Vulnerability Identifier


Source


Related Link