
Multiple Vulnerabilities in Libgraphite library in Mozilla Firefox

 

Systems Affected


Mozilla Firefox versions prior to 43.0
Mozilla Firefox versions ESR 38.x prior to 38.6.1

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla Firefox ESR which could allow remote attackers to execute arbitrary code, gain sensitive information or result in denial of service conditions.


Description


1. Buffer Overflow Vulnerability (CVE-2016-1521)
A vulnerability exists in the direct run function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox and Mozilla Firefox ESR, due to improper validation of a certain skip function. A remote attacker could exploit this vulnerability via a crafted Graphite smart font, leading to buffer overflow conditions. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code, gain sensitive information, or cause denial of service conditions.

2. Heap-Based Buffer Overflow Vulnerability (CVE-2016-1522)
A vulnerability exists in Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox and Mozilla Firefox ESR, due to improper handling of recursive load calls during a size check. A remote attacker could exploit this vulnerability via a crafted Graphite smart font, leading to heap-based buffer overflow conditions. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code or cause denial of service conditions.

3. NULL Pointer Dereference Vulnerability (CVE-2016-1523)
A vulnerability exists in the SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox and Mozilla Firefox ESR, due to an error while handling a return value. A remote attacker could exploit this vulnerability via a crafted Graphite smart font and trigger a NULL pointer dereference. Successful exploitation of this vulnerability could result in denial of service conditions (missing initialization, NULL pointer dereference, and application crash).

4. Out-of-bounds Read Vulnerability (CVE-2016-1526)
A vulnerability exists in the TtfUtil::LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox and Mozilla Firefox ESR, due to improper validation of a size value. A remote attacker could exploit this vulnerability via a crafted Graphite smart font. Successful exploitation of this vulnerability could allow the attacker to gain sensitive information or cause denial of service conditions (out-of-bounds read and application crash).
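
Item 4 describes a font-table lookup that does not properly validate a size value. The added example below shows what a bounds-checked lookup in a TrueType loca table looks like; it is illustrative code written for this page, not Graphite's source or Mozilla's fix, and the function name loca_lookup_checked and the sample table are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TrueType tables store integers big-endian. */
static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Constructed sample: short-format loca for 3 glyphs (4 entries, stored as
 * offset/2), i.e. glyf offsets 0, 10, 10, 20. Not taken from a real font. */
static const uint8_t SAMPLE_LOCA[] = { 0x00,0x00, 0x00,0x05, 0x00,0x05, 0x00,0x0A };

/* Hypothetical helper: resolve glyph `gid` to its byte range inside glyf.
 * long_format mirrors head.indexToLocFormat (0: uint16 offset/2, 1: uint32).
 * Returns 0 on success, -1 when any value would point outside the tables. */
int loca_lookup_checked(const uint8_t *loca, size_t loca_len, int long_format,
                        uint16_t num_glyphs, size_t glyf_len, uint16_t gid,
                        uint32_t *offset, uint32_t *length)
{
    size_t entry = long_format ? 4 : 2;
    if (!loca || !offset || !length) return -1;
    /* loca needs num_glyphs + 1 entries; check against the real byte length
     * of the table rather than trusting the count declared elsewhere. */
    if (loca_len / entry < (size_t)num_glyphs + 1) return -1;
    if (gid >= num_glyphs) return -1;        /* entries gid and gid+1 are read */
    const uint8_t *p = loca + (size_t)gid * entry;
    uint32_t start = long_format ? be32(p) : be16(p) * 2u;
    uint32_t end = long_format ? be32(p + entry) : be16(p + entry) * 2u;
    if (end < start || end > glyf_len) return -1;  /* range must lie in glyf */
    *offset = start;
    *length = end - start;
    return 0;
}

int main(void)
{
    uint32_t off, len;
    for (uint16_t gid = 0; gid < 4; gid++) {
        int rc = loca_lookup_checked(SAMPLE_LOCA, sizeof SAMPLE_LOCA, 0, 3, 20,
                                     gid, &off, &len);
        if (rc == 0) printf("glyph %u: offset %u, length %u\n",
                            (unsigned)gid, (unsigned)off, (unsigned)len);
        else printf("glyph %u: rejected\n", (unsigned)gid);
    }
    return 0;
}
```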


Impact



Solution/Workarounds


Apply the appropriate fixed version as mentioned in the Mozilla Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.