[arch-security] [ASA-201608-2] firefox: multiple issues
Jelle van der Waa
jelle at archlinux.org
Fri Aug 5 12:11:43 UTC 2016
Arch Linux Security Advisory ASA-201608-2
=========================================
Severity: Critical
Date : 2016-08-05
CVE-ID : CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836
CVE-2016-2837 CVE-2016-2838 CVE-2016-5250 CVE-2016-5251
CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258
CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262
CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266
CVE-2016-5268
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package firefox before version 48.0-1 is vulnerable to multiple
issues.
Resolution
==========
Upgrade to 48.0-1.
# pacman -Syu "firefox>=48.0-1"
The problems have been fixed upstream in version 48.0.
Workaround
==========
None.
Description
===========
- CVE-2016-0718 (arbitrary code execution)
Out-of-bounds read during XML parsing in Expat library.
- CVE-2016-2830 (information disclosure)
Favicon network connection can persist when page is closed.
- CVE-2016-2835 CVE-2016-2836 (arbitrary code execution)
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
- CVE-2016-2837 (arbitrary code execution)
Buffer overflow in ClearKey Content Decryption Module (CDM) during video
playback
- CVE-2016-2838 (arbitrary code execution)
Buffer overflow rendering SVG with bidirectional content.
- CVE-2016-5250 (information disclosure)
Information disclosure through Resource Timing API during page
navigation.
- CVE-2016-5251 (URL spoofing)
Location bar spoofing via data URLs with malformed/invalid mediatypes.
- CVE-2016-5252 (arbitrary code execution)
Stack underflow during 2D graphics rendering.
- CVE-2016-5254 (arbitrary code execution)
Use-after-free when using alt key and toplevel menus.
- CVE-2016-5255 (arbitrary code execution)
Crash in incremental garbage collection in JavaScript.
- CVE-2016-5258 (arbitrary code execution)
Use-after-free in DTLS during WebRTC session shutdown.
- CVE-2016-5259 (arbitrary code execution)
Use-after-free in service workers with nested sync events.
- CVE-2016-5260 (information disclosure)
Form input type change from password to text can store plain text
password in session restore file.
- CVE-2016-5261 (arbitrary code execution)
Integer overflow in WebSockets during data buffering.
- CVE-2016-5262 (cross-site scripting)
Scripts on marquee tag can execute in sandboxed iframes.
- CVE-2016-5263 (type confusion)
Type confusion in display transformation
- CVE-2016-5264 (use after free)
Use-after-free when applying SVG effects.
- CVE-2016-5265 (same-origin policy bypass)
Same-origin policy violation using local HTML file and saved shortcut
file.
- CVE-2016-5266 (information disclosure)
Information disclosure and local file manipulation through drag and
drop.
- CVE-2016-5268 (spoofing)
Spoofing attack through text injection into internal error pages.
Impact
======
A remote attacker can access sensitive information, bypass policies or
execute arbitrary code on the affected host.
References
==========
https://access.redhat.com/security/cve/CVE-2016-0718
https://access.redhat.com/security/cve/CVE-2016-2830
https://access.redhat.com/security/cve/CVE-2016-2835
https://access.redhat.com/security/cve/CVE-2016-2836
https://access.redhat.com/security/cve/CVE-2016-2837
https://access.redhat.com/security/cve/CVE-2016-2838
https://access.redhat.com/security/cve/CVE-2016-5250
https://access.redhat.com/security/cve/CVE-2016-5251
https://access.redhat.com/security/cve/CVE-2016-5252
https://access.redhat.com/security/cve/CVE-2016-5254
https://access.redhat.com/security/cve/CVE-2016-5255
https://access.redhat.com/security/cve/CVE-2016-5258
https://access.redhat.com/security/cve/CVE-2016-5259
https://access.redhat.com/security/cve/CVE-2016-5260
https://access.redhat.com/security/cve/CVE-2016-5261
https://access.redhat.com/security/cve/CVE-2016-5262
https://access.redhat.com/security/cve/CVE-2016-5263
https://access.redhat.com/security/cve/CVE-2016-5264
https://access.redhat.com/security/cve/CVE-2016-5265
https://access.redhat.com/security/cve/CVE-2016-5266
https://access.redhat.com/security/cve/CVE-2016-5268
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160805/efbda6cb/attachment.asc>
More information about the arch-security
mailing list