Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0119 Multiple vulnerabilities have been identified in Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and SeaMonkey. 30 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird Mozilla Thunderbird ESR Mozilla Seamonkey Operating System: UNIX variants (UNIX, Linux, OSX) Windows Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2013-5604 CVE-2013-5603 CVE-2013-5602 CVE-2013-5601 CVE-2013-5598 CVE-2013-5597 CVE-2013-5596 CVE-2013-5595 CVE-2013-5593 CVE-2013-5592 CVE-2013-5591 CVE-2013-5590 CVE-2013-1739 Member content until: Friday, November 29 2013 OVERVIEW Multiple vulnerabilities have been fixed in the latest versions of Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and SeaMonkey. [1] IMPACT The vendor has provided the following details regarding these vulnerabilities: "CVE-2013-5603:Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash." [2] "CVE-2013-5602:Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash." [3] "CVE-2013-5601:Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash." [4] "CVE-2013-5598:Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files." [5] "CVE-2013-5597:Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. " [6] "CVE-2013-5596:Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition." [7] "CVE-2013-5595:Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable." [8] "CVE-2013-5604:Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash." [9] "CVE-2013-5593:Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks." [10] "CVE-2013-5590:Jesse Ruderman and Christoph Diehl reported memory safety problems and crashes that affect Firefox ESR 17, Firefox ESR 24, and Firefox 24." [11] "CVE-2013-5591:Vladimir Vukicevic reported a crash that affected Firefox ESR 24, and Firefox 24." [11] "CVE-2013-5592:Jesse Ruderman, Gary Kwong, and Kannan Vijayan reported memory safety problems and crashes that affect Firefox 24." [11] "CVE-2013-1739:Carsten Book reported a crash fixed in the NSS library used by Mozilla-based products fixed in Firefox 25, Firefox ESR 24.1, and Firefox ESR 17.0.10." [11] MITIGATION It is recommended that users update to the latest versions of Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and SeaMonkey to correct these issues. REFERENCES [1] Mozilla Foundation Security Advisories http://www.mozilla.org/security/announce/ [2] Mozilla Foundation Security Advisory 2013-102 http://www.mozilla.org/security/announce/2013/mfsa2013-102.html [3] Mozilla Foundation Security Advisory 2013-101 http://www.mozilla.org/security/announce/2013/mfsa2013-101.html [4] Mozilla Foundation Security Advisory 2013-100 http://www.mozilla.org/security/announce/2013/mfsa2013-100.html [5] Mozilla Foundation Security Advisory 2013-99 http://www.mozilla.org/security/announce/2013/mfsa2013-99.html [6] Mozilla Foundation Security Advisory 2013-98 http://www.mozilla.org/security/announce/2013/mfsa2013-98.html [7] Mozilla Foundation Security Advisory 2013-97 http://www.mozilla.org/security/announce/2013/mfsa2013-97.html [8] Mozilla Foundation Security Advisory 2013-96 http://www.mozilla.org/security/announce/2013/mfsa2013-96.html [9] Mozilla Foundation Security Advisory 2013-95 http://www.mozilla.org/security/announce/2013/mfsa2013-95.html [10] Mozilla Foundation Security Advisory 2013-94 http://www.mozilla.org/security/announce/2013/mfsa2013-94.html [11] Mozilla Foundation Security Advisory 2013-93 http://www.mozilla.org/security/announce/2013/mfsa2013-93.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUnBjChLndAQH1ShLAQJEMRAAkztNMFFeqOkhKfnbTusf2WAvWPwfnAtb MYQkKwdva13XC5mwRAVzzpKeh1zOuAjMMHjGr/T37CwJQMQnJ+tPU/7n6wG93+eV JAYC1Sh3WlGNN066hhaScfUFuhOSAmq3XXrQ9eNYUmnVhABEn6YrMWeHnfiJ+J9R xsMsxyOgGOgFZMRHuX/tJf5aHRdOMIHi0/8Ow7wt4xeyhAv5kqufeptfcGr8yAQY wnh+fnMLvCxa3SIpnUBZ5rhr4wH6sW/+lTXICGfWkC32Y4Hx7FxXU3YMYskrJOfW LDAjKrd0SihMgS1ibi8dUNLXmKvLRzsV1b1AxJlLaaAEb16BorAHxiDi8zkHW7Dm hkTtGqRCrPytxiNvfXEFAMowbBR+rEMT6V9juWp8kgqvUTc1+RswHea0Jk46PSKD E2F8H0VTmmlgAO+0q8WI0miHYp4ryFnT5M7dTFuUQrECqUOswh/qDYBetlaenEIv L+B6RFNVNHvyepOqY40HCwwjBzh4wpzdsiVLhNSBKWAs6AdtPliTPdj7w8C4VnjR 4QuVOhbq6WiQKptuvzWA8pMRkeDh+6YLnuAyW0cZHk58cy0c3JFwVAPIPPx3mqcQ bEWSzICVCW88VXO55/hGRiTD6qfVy063hdM0bG2oynoVOJc8Mhff796ZGf0cp/G2 EhREhSphLaw= =pQSr -----END PGP SIGNATURE-----