[arch-security] [ASA-201608-2] firefox: multiple issues
Jelle van der Waa
jelle at archlinux.org
Fri Aug 5 12:11:43 UTC 2016
Arch Linux Security Advisory ASA-201608-2
Date : 2016-08-05
CVE-ID : CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836
CVE-2016-2837 CVE-2016-2838 CVE-2016-5250 CVE-2016-5251
CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258
CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262
CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package firefox before version 48.0-1 is vulnerable to multiple
Upgrade to 48.0-1.
# pacman -Syu "firefox>=48.0-1"
The problems have been fixed upstream in version 48.0.
- CVE-2016-0718 (arbitrary code execution)
Out-of-bounds read during XML parsing in Expat library.
- CVE-2016-2830 (information disclosure)
Favicon network connection can persist when page is closed.
- CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
- CVE-2016-2837 (arbitrary code execution)
Buffer overflow in ClearKey Content Decryption Module (CDM) during video
- CVE-2016-2838 (arbitrary code execution)
Buffer overflow rendering SVG with bidirectional content.
- CVE-2016-5250 (information disclosure)
Information disclosure through Resource Timing API during page
- CVE-2016-5251 (URL spoofing)
Location bar spoofing via data URLs with malformed/invalid mediatypes.
- CVE-2016-5252 (arbitrary code execution)
Stack underflow during 2D graphics rendering.
- CVE-2016-5254 (arbitrary code execution)
Use-after-free when using alt key and toplevel menus.
- CVE-2016-5255 (arbitrary code execution)
- CVE-2016-5258 (arbitrary code execution)
Use-after-free in DTLS during WebRTC session shutdown.
- CVE-2016-5259 (arbitrary code execution)
Use-after-free in service workers with nested sync events.
- CVE-2016-5260 (information disclosure)
Form input type change from password to text can store plain text
password in session restore file.
- CVE-2016-5261 (arbitrary code execution)
Integer overflow in WebSockets during data buffering.
- CVE-2016-5262 (cross-site scripting)
Scripts on marquee tag can execute in sandboxed iframes.
- CVE-2016-5263 (type confusion)
Type confusion in display transformation
- CVE-2016-5264 (use after free)
Use-after-free when applying SVG effects.
- CVE-2016-5265 (same-origin policy bypass)
Same-origin policy violation using local HTML file and saved shortcut
- CVE-2016-5266 (information disclosure)
Information disclosure and local file manipulation through drag and
- CVE-2016-5268 (spoofing)
Spoofing attack through text injection into internal error pages.
A remote attacker can access sensitive information, bypass policies or
execute arbitrary code on the affected host.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the arch-security