Arch Linux Security Advisory ASA-201608-2 ========================================= Severity: Critical Date : 2016-08-05 CVE-ID : CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268 Package : firefox Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package firefox before version 48.0-1 is vulnerable to multiple issues. Resolution ========== Upgrade to 48.0-1. # pacman -Syu "firefox>=48.0-1" The problems have been fixed upstream in version 48.0. Workaround ========== None. Description =========== - CVE-2016-0718 (arbitrary code execution) Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 (information disclosure) Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 (arbitrary code execution) Mozilla developers and community members reported several memory safety bugs in the browser engine used in firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2016-2837 (arbitrary code execution) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback - CVE-2016-2838 (arbitrary code execution) Buffer overflow rendering SVG with bidirectional content. - CVE-2016-5250 (information disclosure) Information disclosure through Resource Timing API during page navigation. - CVE-2016-5251 (URL spoofing) Location bar spoofing via data URLs with malformed/invalid mediatypes. - CVE-2016-5252 (arbitrary code execution) Stack underflow during 2D graphics rendering. - CVE-2016-5254 (arbitrary code execution) Use-after-free when using alt key and toplevel menus. - CVE-2016-5255 (arbitrary code execution) Crash in incremental garbage collection in JavaScript. - CVE-2016-5258 (arbitrary code execution) Use-after-free in DTLS during WebRTC session shutdown. - CVE-2016-5259 (arbitrary code execution) Use-after-free in service workers with nested sync events. - CVE-2016-5260 (information disclosure) Form input type change from password to text can store plain text password in session restore file. - CVE-2016-5261 (arbitrary code execution) Integer overflow in WebSockets during data buffering. - CVE-2016-5262 (cross-site scripting) Scripts on marquee tag can execute in sandboxed iframes. - CVE-2016-5263 (type confusion) Type confusion in display transformation - CVE-2016-5264 (use after free) Use-after-free when applying SVG effects. - CVE-2016-5265 (same-origin policy bypass) Same-origin policy violation using local HTML file and saved shortcut file. - CVE-2016-5266 (information disclosure) Information disclosure and local file manipulation through drag and drop. - CVE-2016-5268 (spoofing) Spoofing attack through text injection into internal error pages. Impact ====== A remote attacker can access sensitive information, bypass policies or execute arbitrary code on the affected host. References ========== https://access.redhat.com/security/cve/CVE-2016-0718 https://access.redhat.com/security/cve/CVE-2016-2830 https://access.redhat.com/security/cve/CVE-2016-2835 https://access.redhat.com/security/cve/CVE-2016-2836 https://access.redhat.com/security/cve/CVE-2016-2837 https://access.redhat.com/security/cve/CVE-2016-2838 https://access.redhat.com/security/cve/CVE-2016-5250 https://access.redhat.com/security/cve/CVE-2016-5251 https://access.redhat.com/security/cve/CVE-2016-5252 https://access.redhat.com/security/cve/CVE-2016-5254 https://access.redhat.com/security/cve/CVE-2016-5255 https://access.redhat.com/security/cve/CVE-2016-5258 https://access.redhat.com/security/cve/CVE-2016-5259 https://access.redhat.com/security/cve/CVE-2016-5260 https://access.redhat.com/security/cve/CVE-2016-5261 https://access.redhat.com/security/cve/CVE-2016-5262 https://access.redhat.com/security/cve/CVE-2016-5263 https://access.redhat.com/security/cve/CVE-2016-5264 https://access.redhat.com/security/cve/CVE-2016-5265 https://access.redhat.com/security/cve/CVE-2016-5266 https://access.redhat.com/security/cve/CVE-2016-5268 https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefo...