
Multiple Vulnerabilities in Mozilla Products

 

Systems Affected



Mozilla Firefox prior to 36.0
Firefox ESR 31.x before 31.5
Thunderbird before 31.5

Threat Level


High


Overview


Multiple vulnerabilities have been reported in Mozilla products which could be exploited by remote attackers to disclose sensitive information, execute arbitrary code, cause Denial of Service (DoS) conditions, or bypass security restrictions on systems running affected versions of the software.


Description


1. Security Vulnerability ( CVE-2015-0819 )
This vulnerability exists in the UITour::onPageEvent function in Mozilla Firefox as it fails to ensure that an API call is originating from a foreground tab. A remote attacker could exploit this vulnerability by leveraging access to conduct spoofing and clickjacking attacks.

2. Sandbox Security Bypass Vulnerability ( CVE-2015-0820 )
The vulnerability exists in Mozilla Firefox because it does not properly restrict the transitions of JavaScript objects from a non-extensible state to an extensible state. A remote attacker could exploit this vulnerability by enticing users to view a crafted website to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism.

3. Local Security-Bypass Vulnerability ( CVE-2015-0821 )
A security bypass vulnerability exists in Mozilla Firefox. A user-assisted remote attacker could exploit this vulnerability via a crafted web site to read arbitrary files or execute arbitrary JavaScript code with chrome privileges.

Note: The crafted website may contain hyperlinks which are accessed by unspecified mouse actions and specific keyboard key combinations, which might execute arbitrary JavaScript code.

4. Information Disclosure Vulnerability ( CVE-2015-0822 )
An inherent information disclosure vulnerability exists in the form autocompletion feature in Mozilla products. A remote attacker could exploit this vulnerability by manipulating the autocomplete feature in a form via crafted JavaScript code, which further allows the attacker to read arbitrary files from the target system.

5. Multiple Use After Free Vulnerabilities ( CVE-2015-0823 )
Multiple use-after-free vulnerabilities exist in Mozilla Firefox due to an error present in the OpenType Sanitiser (OTS). A remote attacker could exploit this vulnerability to trigger a memory corruption error by leveraging incorrect macro expansion in the context of the ots::ots_gasp_parse function.

6. Denial of Service Vulnerability ( CVE-2015-0824 )
The vulnerability exists in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox. A remote attacker could exploit this vulnerability by using the DrawTarget function to draw images through the Cairo library, which further leads to a segmentation fault causing the application to crash.

7. Buffer Underflow Vulnerability ( CVE-2015-0825 )
The vulnerability exists in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox. A remote attacker could exploit this vulnerability by using a malformed MP3 file to manipulate memory allocation to obtain sensitive information.

8. Buffer Overflow Vulnerability ( CVE-2015-0826 )
The vulnerability exists in the nsTransformedTextRun::SetCapitalization function in Mozilla Firefox. A remote attacker could exploit this vulnerability by using a crafted Cascading Style Sheets (CSS) token sequence to trigger a restyle or reflow operation, which leads to the execution of arbitrary code or causes Denial of Service conditions.

9. Heap Buffer Overflow Vulnerability ( CVE-2015-0827 )
The vulnerability exists in the mozilla::gfx::CopyRect function present in Mozilla products. A remote attacker could exploit this vulnerability by using a malformed SVG graphic to obtain sensitive information from uninitialized memory.

10. Double Free Memory Corruption Vulnerability ( CVE-2015-0828 )
The vulnerability exists in Mozilla Firefox due to errors caused during memory allocation when using nonstandard memory allocator libraries other than jemalloc. A remote attacker could exploit this vulnerability using crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data to execute arbitrary code or cause a denial of service.

11. Buffer Overflow Vulnerability ( CVE-2015-0829 )
The vulnerability exists in libstagefright in Mozilla Firefox because it does not properly handle MP4 video during playback. A remote attacker could exploit this vulnerability to execute arbitrary code in the security context of the affected software.

12. Denial of Service Vulnerability ( CVE-2015-0830 )
The vulnerability exists in Mozilla Firefox due to the improper implementation of WebGL. A remote attacker could exploit this vulnerability by using specially crafted WebGL content to trigger improper memory allocation, leading to denial of service conditions.

13. Use After Free Vulnerability ( CVE-2015-0831 )
The vulnerability exists in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function present in the Mozilla products. A remote attacker could exploit this vulnerability by running specific web content which is improperly handled by IndexedDB when creating an index, which leads to the execution of arbitrary code or results in denial of service conditions.

14. Security Bypass Vulnerability ( CVE-2015-0832 )
The vulnerability exists in Mozilla Firefox due to the improper recognition of equivalence of domain names with and without a trailing "." (dot) character. A man-in-the-middle attacker could exploit this vulnerability to bypass key pinning (HPKP) and HTTP Strict Transport Security (HSTS) protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character.

15. Multiple Untrusted Search Path Vulnerabilities ( CVE-2015-0833 )
The vulnerability exists in the Mozilla updater (updater.exe) used in Mozilla products on Windows systems. A remote attacker could exploit this vulnerability by executing malicious DLL files, located either in the current working directory or in a temporary directory, with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed.

Note: Successful exploitation of this vulnerability requires that the Mozilla updater (updater.exe) is run without the Mozilla Maintenance Service on Windows systems.

16. Information Disclosure Vulnerability ( CVE-2015-0834 )
The vulnerability exists in Mozilla Firefox due to the lack of support for TURN or STUN servers using TLS connections. A remote attacker could exploit this vulnerability to discover credentials by spoofing a server through a Man-in-the-middle (MITM) attack.

17. Multiple Unspecified Memory Corruption Vulnerabilities ( CVE-2015-0835, CVE-2015-0836 )
Multiple vulnerabilities exist in the Mozilla products which could allow a remote attacker to cause denial of service conditions or possibly execute arbitrary code via unknown vectors.
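
Item 14 (CVE-2015-0832) comes down to a host name with a trailing dot being treated as a different name from the same host without it. The Python sketch below is an added example, not Mozilla's code: a hypothetical in-memory HSTS store (`HstsStore`, `canonical_host` and the sample hosts are constructed for illustration) is queried with and without trailing-dot normalization, and only the normalized lookup keeps enforcing the policy. The same canonical key would apply to a pin store.

```python
import time


def canonical_host(host):
    """Lower-case and drop one trailing root dot: 'example.com.' -> 'example.com'."""
    host = host.strip().lower()
    return host[:-1] if host.endswith(".") else host


class HstsStore:
    """Toy in-memory HSTS store (hypothetical; not Firefox's implementation)."""

    def __init__(self, normalize):
        self.normalize = normalize
        self.entries = {}  # host key -> (expiry epoch, includeSubDomains flag)

    def _key(self, host):
        return canonical_host(host) if self.normalize else host.strip().lower()

    def note_header(self, host, max_age, include_subdomains=False, now=None):
        """Record a Strict-Transport-Security header received from `host`."""
        now = time.time() if now is None else now
        if max_age == 0:
            self.entries.pop(self._key(host), None)  # max-age=0 clears the entry
        else:
            self.entries[self._key(host)] = (now + max_age, include_subdomains)

    def must_upgrade(self, host, now=None):
        """True if a request to `host` has to go over HTTPS."""
        now = time.time() if now is None else now
        labels = self._key(host).split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            # Exact match always counts; a parent only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False


def compare(hosts, noted="example.com"):
    """Return {host: (naive_result, normalized_result)} for constructed inputs."""
    naive, fixed = HstsStore(False), HstsStore(True)
    for store in (naive, fixed):
        store.note_header(noted, max_age=31536000, include_subdomains=True, now=0)
    return {h: (naive.must_upgrade(h, now=1), fixed.must_upgrade(h, now=1))
            for h in hosts}


if __name__ == "__main__":
    for host, result in compare(["example.com", "example.com.",
                                 "www.example.com.", "other.test."]).items():
        print(host, result)
```

A `(False, True)` pair marks a host for which the unnormalized store would let a plain-HTTP request through while the normalized store still requires HTTPS.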


Impact



Solution/ Workarounds


Apply the appropriate fixed versions as mentioned in the Mozilla Security Advisories:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.