Category:   Application (Web Browser)  >   Mozilla Firefox
Vendors:   Mozilla.org
Mozilla Firefox Multiple Bugs Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code, Deny Service, and Obtain Information
SecurityTracker Alert ID:  1029928
SecurityTracker URL:  http://securitytracker.com/id/1029928
CVE Reference:   CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
Updated:  Mar 19 2014
Original Entry Date:  Mar 19 2014
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 28.0
Description:   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2014-1493, CVE-2014-1494].

Extracted update files are not set with read-only permissions [CVE-2014-1496]. A local user can modify files during the update process to execute arbitrary code on the target system with elevated privileges.

A specially crafted WAV file can access heap memory or cause a crash [CVE-2014-1497].

The crypto.generateCRMFRequest() method does not properly validate the type of the KeyParams argument when generating ec-dual-use requests, which may cause a crash [CVE-2014-1498].

A remote user can exploit a flaw in the permission prompt for a WebRTC session to masquerade as an arbitrary site to potentially gain access to the target user's camera or microphone [CVE-2014-1499].

A remote user can exploit a flaw in processing JavaScript onbeforeunload events to prevent tabs from closing and cause the target user's browser to become unresponsive [CVE-2014-1500].

A remote user can create a specially crafted link that, when selected as "Open Link in New Tab" from the context menu, will access a local file [CVE-2014-1501]. Only Android-based systems are affected.

Specially crafted WebGL content can inject arbitrary content into a target site to replace textures and similar content [CVE-2014-1502].

The session restore function does not save the Content Security Policy (CSP) of 'data:' documents [CVE-2014-1504]. A remote user can exploit this to conduct cross-site scripting attacks to access data recently submitted by the target user via web form to a target site or take actions on the site acting as the target user.

A remote user can exploit a timing flaw involving SVG filters and displacements to potentially access information from a different domain [CVE-2014-1505].

On Android-based systems, third party applications can launch the crash reporter with specially crafted arguments to obtain information from local files in the Firefox profile [CVE-2014-1506].

A Firefox OS application with device-storage permissions can use directory traversal characters to escape the media sandbox and access arbitrary files on the target device [CVE-2014-1507].

An application can trigger an out-of-bounds memory read when rendering polygons [CVE-2014-1508].

A remote user can create a specially crafted font to trigger a memory corruption flaw in the Cairo graphics library (if implemented in an extension) and potentially execute arbitrary code [CVE-2014-1509].

A remote user can load a chrome-privileged page [CVE-2014-1510].

A remote user can bypass the popup-blocker [CVE-2014-1511].

A remote user can trigger a use-after-free memory error during Garbage Collection to execute arbitrary code [CVE-2014-1512].

A remote user can exploit a flaw in the TypedArrayObject class to execute arbitrary code [CVE-2014-1513].

A remote user can trigger an out-of-bounds write to memory in 'vmtypedarrayobject.cpp' to execute arbitrary code [CVE-2014-1514].

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher, Makoto Kato, Ash, Atte Kettunen from OUSPG, David Keeler, Ehsan Akhgari, Tim Philipp Schafers and Sebastian Neef from Internetwache.org, Jeff Gilbert, Nicolas Golubovic, Roee Hay, Ben Turner, Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team, John Thomson, Robert O'Callahan, Mariusz Mlynski (via TippingPoint's Pwn2Own contest), VUPEN (via TippingPoint's Pwn2Own contest), Juri Aedla (via TippingPoint's Pwn2Own contest), George Hotz (via TippingPoint's Pwn2Own contest), and Alex Infuhr reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can access data recently submitted by the target user via web form to the target site or take actions on the site acting as the target user.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (28.0).

The vendor's advisories are available at:

http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.mozilla.org/security/announce/2014/mfsa2014-17.html
http://www.mozilla.org/security/announce/2014/mfsa2014-18.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.mozilla.org/security/announce/2014/mfsa2014-20.html
http://www.mozilla.org/security/announce/2014/mfsa2014-21.html
http://www.mozilla.org/security/announce/2014/mfsa2014-22.html
http://www.mozilla.org/security/announce/2014/mfsa2014-23.html
http://www.mozilla.org/security/announce/2014/mfsa2014-24.html
http://www.mozilla.org/security/announce/2014/mfsa2014-25.html
http://www.mozilla.org/security/announce/2014/mfsa2014-26.html
http://www.mozilla.org/security/announce/2014/mfsa2014-27.html
http://www.mozilla.org/security/announce/2014/mfsa2014-28.html
http://www.mozilla.org/security/announce/2014/mfsa2014-29.html
http://www.mozilla.org/security/announce/2014/mfsa2014-30.html
http://www.mozilla.org/security/announce/2014/mfsa2014-31.html
http://www.mozilla.org/security/announce/2014/mfsa2014-32.html

Vendor URL:  www.mozilla.org/security/announce/2014/mfsa2014-15.html
Cause:   Access control error, Authentication error, Boundary error, Input validation error, State error
Underlying OS:  Android, Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 19 2014 (Red Hat Issues Fix) Mozilla Firefox Multiple Bugs Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code, Deny Service, and Obtain Information
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.


