Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0119
Multiple vulnerabilities have been identified in Mozilla Firefox, Firefox
ESR, Thunderbird, Thunderbird ESR and SeaMonkey.
30 October 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Mozilla Thunderbird ESR
Mozilla Seamonkey
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Android
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2013-5604 CVE-2013-5603 CVE-2013-5602
CVE-2013-5601 CVE-2013-5598 CVE-2013-5597
CVE-2013-5596 CVE-2013-5595 CVE-2013-5593
CVE-2013-5592 CVE-2013-5591 CVE-2013-5590
CVE-2013-1739
Member content until: Friday, November 29 2013
OVERVIEW
Multiple vulnerabilities have been fixed in the latest versions of
Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and
SeaMonkey. [1]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"CVE-2013-5603:Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer tool to
discover a user-after-free when interacting with HTML document
templates. This leads to a potentially exploitable crash." [2]
"CVE-2013-5602:Security researcher Nils used the Address Sanitizer
tool while fuzzing to discover a memory corruption issue with the
JavaScript engine when using workers with direct proxies. This
results in a potentially exploitable crash." [3]
"CVE-2013-5601:Security researcher Nils used the Address Sanitizer
tool while fuzzing to discover missing strong references in browsing
engine leading to use-after-frees. This can lead to a potentially
exploitable crash." [4]
"CVE-2013-5598:Security researcher Cody Crews discovered a method to
append an iframe into an embedded PDF object rendered with the
chrome privileged PDF.js. This can used to bypass security
restrictions to load local or chrome privileged files and objects
within the embedded PDF object. This can lead to information
disclosure of local system files." [5]
"CVE-2013-5597:Security researcher Byoungyoung Lee of Georgia Tech
Information Security Center (GTISC) used the Address Sanitizer tool
to discover a use-after-free during state change events while
updating the offline cache. This leads to a potentially exploitable
crash. " [6]
"CVE-2013-5596:Mozilla community member Ezra Pool reported a
potentially exploitable crash on extremely large pages. This was
caused when a cycle collected image object was released on the wrong
thread during decoding, creating a race condition." [7]
"CVE-2013-5595:Compiler Engineer Dan Gohman of Google discovered a
flaw in the JavaScript engine where memory was being incorrectly
allocated for some functions and the calls for allocations were not
always properly checked for overflow, leading to potential buffer
overflows. When combined with other vulnerabilities, these flaws
could be potentially exploitable." [8]
"CVE-2013-5604:Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer tool to
discover an access violation due to uninitialized data during
Extensible Stylesheet Language Transformation (XSLT) processing.
This leads to a potentially exploitable crash." [9]
"CVE-2013-5593:Security researcher Jordi Chancel discovered a method
to put arbitrary HTML content within <select> elements and place it
in arbitrary locations. This can be used to spoof the displayed
addressbar, leading to clickjacking and other spoofing attacks."
[10]
"CVE-2013-5590:Jesse Ruderman and Christoph Diehl reported memory
safety problems and crashes that affect Firefox ESR 17, Firefox ESR
24, and Firefox 24." [11]
"CVE-2013-5591:Vladimir Vukicevic reported a crash that affected
Firefox ESR 24, and Firefox 24." [11]
"CVE-2013-5592:Jesse Ruderman, Gary Kwong, and Kannan Vijayan
reported memory safety problems and crashes that affect Firefox 24."
[11]
"CVE-2013-1739:Carsten Book reported a crash fixed in the NSS
library used by Mozilla-based products fixed in Firefox 25, Firefox
ESR 24.1, and Firefox ESR 17.0.10." [11]
MITIGATION
It is recommended that users update to the latest versions of
Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and
SeaMonkey to correct these issues.
REFERENCES
[1] Mozilla Foundation Security Advisories
http://www.mozilla.org/security/announce/
[2] Mozilla Foundation Security Advisory 2013-102
http://www.mozilla.org/security/announce/2013/mfsa2013-102.html
[3] Mozilla Foundation Security Advisory 2013-101
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
[4] Mozilla Foundation Security Advisory 2013-100
http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
[5] Mozilla Foundation Security Advisory 2013-99
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
[6] Mozilla Foundation Security Advisory 2013-98
http://www.mozilla.org/security/announce/2013/mfsa2013-98.html
[7] Mozilla Foundation Security Advisory 2013-97
http://www.mozilla.org/security/announce/2013/mfsa2013-97.html
[8] Mozilla Foundation Security Advisory 2013-96
http://www.mozilla.org/security/announce/2013/mfsa2013-96.html
[9] Mozilla Foundation Security Advisory 2013-95
http://www.mozilla.org/security/announce/2013/mfsa2013-95.html
[10] Mozilla Foundation Security Advisory 2013-94
http://www.mozilla.org/security/announce/2013/mfsa2013-94.html
[11] Mozilla Foundation Security Advisory 2013-93
http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUnBjChLndAQH1ShLAQJEMRAAkztNMFFeqOkhKfnbTusf2WAvWPwfnAtb
MYQkKwdva13XC5mwRAVzzpKeh1zOuAjMMHjGr/T37CwJQMQnJ+tPU/7n6wG93+eV
JAYC1Sh3WlGNN066hhaScfUFuhOSAmq3XXrQ9eNYUmnVhABEn6YrMWeHnfiJ+J9R
xsMsxyOgGOgFZMRHuX/tJf5aHRdOMIHi0/8Ow7wt4xeyhAv5kqufeptfcGr8yAQY
wnh+fnMLvCxa3SIpnUBZ5rhr4wH6sW/+lTXICGfWkC32Y4Hx7FxXU3YMYskrJOfW
LDAjKrd0SihMgS1ibi8dUNLXmKvLRzsV1b1AxJlLaaAEb16BorAHxiDi8zkHW7Dm
hkTtGqRCrPytxiNvfXEFAMowbBR+rEMT6V9juWp8kgqvUTc1+RswHea0Jk46PSKD
E2F8H0VTmmlgAO+0q8WI0miHYp4ryFnT5M7dTFuUQrECqUOswh/qDYBetlaenEIv
L+B6RFNVNHvyepOqY40HCwwjBzh4wpzdsiVLhNSBKWAs6AdtPliTPdj7w8C4VnjR
4QuVOhbq6WiQKptuvzWA8pMRkeDh+6YLnuAyW0cZHk58cy0c3JFwVAPIPPx3mqcQ
bEWSzICVCW88VXO55/hGRiTD6qfVy063hdM0bG2oynoVOJc8Mhff796ZGf0cp/G2
EhREhSphLaw=
=pQSr
-----END PGP SIGNATURE-----