=========================================================================Ubuntu Security Notice USN-2656-2
July 15, 2015

firefox vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and
later releases.

This update provides the corresponding update for Ubuntu 12.04 LTS.

Original advisory details:

 Karthikeyan Bhargavan discovered that NSS incorrectly handled state
 transitions for the TLS state machine. If a remote attacker were able to
 perform a man-in-the-middle attack, this flaw could be exploited to skip
 the ServerKeyExchange message and remove the forward-secrecy property.
 (CVE-2015-2721)
 
 Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in
 some circumstances. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit these to cause a
 denial of service via application crash, or execute arbitrary code with
 the privileges of the user invoking Firefox. (CVE-2015-2722,
 CVE-2015-2733)
 
 Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence
 Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru
 Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory
 safety issues in Firefox. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit these to cause a
 denial of service via application crash, or execute arbitrary code with
 the privileges of the user invoking Firefox. (CVE-2015-2724,
 CVE-2015-2725, CVE-2015-2726)
 
 Armin Razmdjou discovered that opening hyperlinks with specific mouse
 and key combinations could allow a Chrome privileged URL to be opened
 without context restrictions being preserved. If a user were tricked in to
 opening a specially crafted website, an attacker could potentially exploit
 this to bypass security restrictions. (CVE-2015-2727)
 
 Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If
 a user were tricked in to opening a specially crafted website, an attacker
 could potentially exploit this to cause a denial of service via
 application crash or execute arbitrary code with the priviliges of the
 user invoking Firefox. (CVE-2015-2728)
 
 Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a
 user were tricked in to opening a specially crafted website, an attacker
 could potentially exploit this to obtain sensitive information.
 (CVE-2015-2729)
 
 Watson Ladd discovered that NSS incorrectly handled Elliptical Curve
 Cryptography (ECC) multiplication. A remote attacker could possibly use
 this issue to spoof ECDSA signatures. (CVE-2015-2730)
 
 A use-after-free was discovered when a Content Policy modifies the DOM to
 remove a DOM object. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit this to cause a
 denial of service via application crash or execute arbitrary code with the
 priviliges of the user invoking Firefox. (CVE-2015-2731)
 
 Ronald Crane discovered multiple security vulnerabilities. If a user were
 tricked in to opening a specially crafted website, an attacker could
 potentially exploit these to cause a denial of service via application
 crash, or execute arbitrary code with the privileges of the user invoking
 Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,
 CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)
 
 David Keeler discovered that key pinning checks can be skipped when an
 overridable certificate error occurs. This allows a user to manually
 override an error for a fake certificate, but cannot be exploited on its
 own. (CVE-2015-2741)
 
 Jonas Jenwald discovered that some internal workers were incorrectly
 executed with a high privilege. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit this in
 combination with another security vulnerability, to execute arbitrary code
 in a privileged scope. (CVE-2015-2743)
 
 Matthew Green discovered a DHE key processing issue in NSS where a MITM
 could force a server to downgrade TLS connections to 512-bit export-grade
 cryptography. An attacker could potentially exploit this to impersonate
 the server. (CVE-2015-4000)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  firefox                         39.0+build5-0ubuntu0.12.04.2

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2656-2
  https://ubuntu.com/security/notices/USN-2656-1
  CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725,
  CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729,
  CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
  CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,
  CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743,
  CVE-2015-4000

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.12.04.2

Ubuntu 2656-2: Firefox vulnerabilities

July 15, 2015
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: firefox 39.0+build5-0ubuntu0.12.04.2 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2656-2

https://ubuntu.com/security/notices/USN-2656-1

CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725,

CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729,

CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,

CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,

CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743,

CVE-2015-4000

Severity
July 15, 2015

Package Information

https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.12.04.2

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved