SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1031791
SecurityTracker URL:  http://securitytracker.com/id/1031791
CVE Reference:   CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0833, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836   (Links to External Site)
Updated:  Feb 25 2015
Original Entry Date:  Feb 24 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 36.0
Description:   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information. A remote user can bypass security restrictions.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2015-0835, CVE-2015-0836].

When a local user runs the Mozilla updater (updater.exe) directly, the updater loads DLL files (bcrypt.dll and others) from the current working directory or from Windows temporary directories. A local user can create a specially crafted DLL and cause the DLL to be executed by the target user [CVE-2015-0833].

A remote user with a digital certificate for a domain name with an appended period character can conduct a man-in-the-middle attack to bypass key pinning (HPKP) and HTTP Strict Transport Security (HSTS) [CVE-2015-0832].

A remote user can create specially crafted WegGL content that, when loaded by the target user, will cause the target user's browser to crash [CVE-2015-0830].

A remote user can create a 'turns:' or 'stuns:' URI that, when loaded by the target user, will use plaintext connections to the target server [CVE-2015-0834].

A remote user can create specially crafted content with IndexedDB that, when loaded by the target user, will trigger a use-after-free memory error in mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex() and crash or execute arbitrary code [CVE-2015-0831].

A remote user can create a specially crafted MP4 video file that, when loaded by the target user, will trigger a buffer overflow in the libstagefright library and potentially execute arbitrary code [CVE-2015-0829].

A remote user can cause the target user's browser to send a zero-length XmlHttpRequest (XHR) to trigger a memory allocation error and potentially execute arbitrary code [CVE-2015-0828]. Firefox version builds created by Mozilla are not affected. Systems built using other memory allocators that follow older pre-standard behaviors may be affected.

A remote user can create a specially crafted SVG graphic that, when loaded by the target user, will trigger a memory error in mozilla::gfx::CopyRect() and read uninitialized memory when rendered [CVE-2015-0827].

A remote user can create specially crafted CSS that, when restyled or reflowed will trigger a heap overflow in nsTransformedTextRun::SetCapitalization() and potentially execute arbitrary code [CVE-2015-0826].

A remote user can create a specially crafted MP3 audio file that, when loaded by the target user, will trigger a memory allocation error in mozilla::MP3FrameParser::ParseBuffer() and obtain potentially sensitive information from browser memory [CVE-2015-0825].

A remote user can trigger a segmentation fault in mozilla::layers::BufferTextureClient::AllocateForSurface() when drawing images via the Cairo graphics library DrawTarget function [CVE-2015-0824].

A remote user can trigger a use-after-free memory error in the Developer Console when expanding macros with the OpenType Sanitiser (OTS) to obtain potentially sensitive information from the Developer Console [CVE-2015-0823].

A remote user can manipulate the form autocomplete function to cause a local file in a known location to be uploaded [CVE-2015-0822].

A local user can open a link on a page using the mouse and specific keyboard key combinations to open Chrome privileged URL without context restrictions being preserved [CVE-2015-0821]. This can be exploited to bypass security restrictions and open local files or resources.

A whitelisted Mozilla domain can invoke UITour API calls when the UI Tour pages for Firefox are present in background tabs [CVE-2015-0819]. This can be exploited by a background tab to conduct spoofing and clickjacking of a foreground tab.

A remote user can create web content that can exploit a flaw in the Caja Compiler or other similar sandboxing libraries to make extensible some JavaScript objects marked as non-extensible [CVE-2015-0820].

Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman, Randell Jesup, Robin Whittleton, Jon Coppeard, Nikhil Marathe, Holger Fuhrmannek,
Muneaki Nishimura, Daniele Di Proietto, Alexander Kolesnik, Paul Bandha, Pantrombka, Abhishek Arya, Atte Kettunen, Armin Razmdjou, and Matthew Noorenberghe reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can bypass security restrictions.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (ESR 31.5, 36).

The vendor's advisories are available at:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/

Vendor URL:  www.mozilla.org/en-US/security/advisories/mfsa2015-11/ (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 25 2015 (Red Hat Issues Fix) Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Feb 26 2015 (Ubuntu Issues Fix) Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 14.10.
Mar 5 2015 (Red Hat Issues Fix) Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges
Red Hat has issued a fix for ppc64le on Red Hat Enterprise Linux 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2018, SecurityGlobal.net LLC