Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0066 A number of vulnerabilities have been identified in Mozilla Firefox, Mozilla Firefox ESR and Thunderbird 11 June 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird Operating System: Windows UNIX variants (UNIX, Linux, OSX) Android Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-1543 CVE-2014-1542 CVE-2014-1541 CVE-2014-1540 CVE-2014-1539 CVE-2014-1538 CVE-2014-1537 CVE-2014-1536 CVE-2014-1534 CVE-2014-1533 Member content until: Friday, July 11 2014 OVERVIEW A number of vulnerabilities have been identified in Mozilla Firefox, Mozilla Firefox ESR and Thunderbird. IMPACT The vendor has provided the following details regarding these vulnerabilities: CVE-2014-1533,CVE-2014-1534:"Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code." [1] CVE-2014-1536,CVE-2014-1537,CVE-2014-1538:"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution." [2] CVE-2014-1539:"Security researcher Jordi Chancel reported a mechanism where the cursor can be rendered invisible after it has been used on an embedded flash object when used outside of the object. This flaw can be in used in combination with an image of the cursor manipulated through JavaScript, leading to clickjacking during interactions with HTML content subsequently. This issue only affects OS X and is not present on Windows or Linux systems." [3] CVE-2014-1540:"Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. This issue was introduced in Firefox 29 and does not affect earlier versions." [4] CVE-2014-1541:"Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash." [5] CVE-2014-1542:"Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash." [6] CVE-2014-1543:"Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API was introduced in Firefox 29 and this issue does not affect earlier versions." [7] MITIGATION It is recommended that users update to the latest versions of Mozilla Firefox, Firefox ESR and Thunderbird to correct these issues. [1-7] REFERENCES [1] Mozilla Foundation Security Advisory 2014-48 https://www.mozilla.org/security/announce/2014/mfsa2014-48.html [2] Mozilla Foundation Security Advisory 2014-49 https://www.mozilla.org/security/announce/2014/mfsa2014-49.html [3] Mozilla Foundation Security Advisory 2014-50 https://www.mozilla.org/security/announce/2014/mfsa2014-50.html [4] Mozilla Foundation Security Advisory 2014-51 https://www.mozilla.org/security/announce/2014/mfsa2014-51.html [5] Mozilla Foundation Security Advisory 2014-52 https://www.mozilla.org/security/announce/2014/mfsa2014-52.html [6] Mozilla Foundation Security Advisory 2014-53 https://www.mozilla.org/security/announce/2014/mfsa2014-53.html [7] Mozilla Foundation Security Advisory 2014-54 https://www.mozilla.org/security/announce/2014/mfsa2014-54.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU5e2DxLndAQH1ShLAQL7RQ/+L31hh45C95rUP9jfYn/GZzfs3qqvH15F O+jJfFcQr0hhy8iOvyD6wOF5DycPXWNRZMQbs0guFAmjCZPHLyzRcMJX8mX2hez1 LmJ+4bAb/t1rt5+h6k95unFOaqOGRg90CSuEMtaLg90SitIVysrKBNLXOCwN5rYJ UFe5J5sjRy+dKl/ukEjvpSMj5M+A9eb7emtZy0q4l8bCcux27T9aTBqlLTkF2FGS 3f5+w93HgjcbOPXRVUlD/nZM9JxAL37lJARW7rp64bMYwqVsfaNkeXO9Q9yQzMQK BJMt4p7Y2q4QpU7teSAO0gytieCdu7r92LaZS279sXN2UoMap9+sMIxPiC382kmt oQ/SyfD4gxqPYR4ZXmFMxoOSRVuHi18cQCp3m8jQTGmiHy7wDYng7tRrqvszMNPH G4/rd0Zb6oeW9reumfpCCjy8jVfqjdJpW2IcxJQX1LkfYDEUPUCpHGHiqv5KfilC h1TyVt15FL0xS/2LwR3wILviEFuvM3rDIRGG8Fat6SLMsKFwZivrRKrvlp4PqpaD nt9OPcn0ubhks0nqIHjF4gfJy9ZtY+uX++9rlnGBXkYYMOt7ycWDlikE96aBzREX Z2Jb1A1Ya2SA8z7oIz4HCXKp3/OcEFbDI7jR0F+sJe159dibiTsTuDPuSnA2mRqX vGS9JAiKQzQ= =UNyQ -----END PGP SIGNATURE-----