-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0066
        A number of vulnerabilities have been identified in Mozilla
               Firefox, Mozilla Firefox ESR and Thunderbird
                               11 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
                      Mozilla Thunderbird
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
                      Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-1543 CVE-2014-1542 CVE-2014-1541
                      CVE-2014-1540 CVE-2014-1539 CVE-2014-1538
                      CVE-2014-1537 CVE-2014-1536 CVE-2014-1534
                      CVE-2014-1533  
Member content until: Friday, July 11 2014

OVERVIEW

        A number of vulnerabilities have been identified in Mozilla
        Firefox, Mozilla Firefox ESR and Thunderbird.


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        CVE-2014-1533,CVE-2014-1534:"Mozilla developers and community 
        identified identified and fixed several memory safety bugs in the 
        browser engine used in Firefox and other Mozilla-based products. 
        Some of these bugs showed evidence of memory corruption under 
        certain circumstances, and we presume that with enough effort at 
        least some of these could be exploited to run arbitrary code." [1]
        
        CVE-2014-1536,CVE-2014-1537,CVE-2014-1538:"Security researcher 
        Abhishek Arya (Inferno) of the Google Chrome Security Team 
        discovered a number of use-after-free and out of bounds read issues
        using the Address Sanitizer tool. These issues are potentially 
        exploitable, allowing for remote code execution." [2]
        
        CVE-2014-1539:"Security researcher Jordi Chancel reported a 
        mechanism where the cursor can be rendered invisible after it has 
        been used on an embedded flash object when used outside of the 
        object. This flaw can be in used in combination with an image of the
        cursor manipulated through JavaScript, leading to clickjacking 
        during interactions with HTML content subsequently. This issue only
        affects OS X and is not present on Windows or Linux systems." [3]
        
        CVE-2014-1540:"Security researchers Tyson Smith and Jesse 
        Schwartzentruber of the BlackBerry Security Automated Analysis Team
        used the Address Sanitizer tool while fuzzing to discover a 
        use-after-free in the event listener manager. This can be triggered
        by web content and leads to a potentially exploitable crash. This 
        issue was introduced in Firefox 29 and does not affect earlier 
        versions." [4]
        
        CVE-2014-1541:"Security researcher Nils used the Address Sanitizer 
        to discover a use-after-free problem with the SMIL Animation 
        Controller when interacting with and rendering improperly formed web
        content. This causes a potentially exploitable crash." [5]
        
        CVE-2014-1542:"Security researcher Holger Fuhrmannek used the used 
        the Address Sanitizer tool to discover a buffer overflow with the 
        Speex resampler in Web Audio when working with audio content that 
        exceeds expected bounds. This leads to a potentially exploitable 
        crash." [6]
        
        CVE-2014-1543:"Security researcher Looben Yang reported a buffer 
        overflow in Gamepad API when it is exercised with a gamepad device 
        with non-contiguous axes. This can be either an actual physical 
        device or by the installation of a virtual gamepad. This results in
        a potentially exploitable crash. The Gamepad API was introduced in 
        Firefox 29 and this issue does not affect earlier versions." [7]


MITIGATION

        It is recommended that users update to the latest versions of 
        Mozilla Firefox, Firefox ESR and Thunderbird to correct these 
        issues. [1-7]


REFERENCES

        [1] Mozilla Foundation Security Advisory 2014-48
            https://www.mozilla.org/security/announce/2014/mfsa2014-48.html

        [2] Mozilla Foundation Security Advisory 2014-49
            https://www.mozilla.org/security/announce/2014/mfsa2014-49.html

        [3] Mozilla Foundation Security Advisory 2014-50
            https://www.mozilla.org/security/announce/2014/mfsa2014-50.html

        [4] Mozilla Foundation Security Advisory 2014-51
            https://www.mozilla.org/security/announce/2014/mfsa2014-51.html

        [5] Mozilla Foundation Security Advisory 2014-52
            https://www.mozilla.org/security/announce/2014/mfsa2014-52.html

        [6] Mozilla Foundation Security Advisory 2014-53
            https://www.mozilla.org/security/announce/2014/mfsa2014-53.html

        [7] Mozilla Foundation Security Advisory 2014-54
            https://www.mozilla.org/security/announce/2014/mfsa2014-54.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU5e2DxLndAQH1ShLAQL7RQ/+L31hh45C95rUP9jfYn/GZzfs3qqvH15F
O+jJfFcQr0hhy8iOvyD6wOF5DycPXWNRZMQbs0guFAmjCZPHLyzRcMJX8mX2hez1
LmJ+4bAb/t1rt5+h6k95unFOaqOGRg90CSuEMtaLg90SitIVysrKBNLXOCwN5rYJ
UFe5J5sjRy+dKl/ukEjvpSMj5M+A9eb7emtZy0q4l8bCcux27T9aTBqlLTkF2FGS
3f5+w93HgjcbOPXRVUlD/nZM9JxAL37lJARW7rp64bMYwqVsfaNkeXO9Q9yQzMQK
BJMt4p7Y2q4QpU7teSAO0gytieCdu7r92LaZS279sXN2UoMap9+sMIxPiC382kmt
oQ/SyfD4gxqPYR4ZXmFMxoOSRVuHi18cQCp3m8jQTGmiHy7wDYng7tRrqvszMNPH
G4/rd0Zb6oeW9reumfpCCjy8jVfqjdJpW2IcxJQX1LkfYDEUPUCpHGHiqv5KfilC
h1TyVt15FL0xS/2LwR3wILviEFuvM3rDIRGG8Fat6SLMsKFwZivrRKrvlp4PqpaD
nt9OPcn0ubhks0nqIHjF4gfJy9ZtY+uX++9rlnGBXkYYMOt7ycWDlikE96aBzREX
Z2Jb1A1Ya2SA8z7oIz4HCXKp3/OcEFbDI7jR0F+sJe159dibiTsTuDPuSnA2mRqX
vGS9JAiKQzQ=
=UNyQ
-----END PGP SIGNATURE-----