===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0084
        A number of vulnerabilities have been identified in Mozilla
               Firefox, Mozilla Firefox ESR and Thunderbird.
                               23 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
                      Mozilla Thunderbird
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
                      Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-1561 CVE-2014-1560 CVE-2014-1559
                      CVE-2014-1558 CVE-2014-1557 CVE-2014-1556
                      CVE-2014-1555 CVE-2014-1552 CVE-2014-1551
                      CVE-2014-1550 CVE-2014-1549 CVE-2014-1548
                      CVE-2014-1547 CVE-2014-1544
Member content until: Friday, August 22 2014

OVERVIEW

        A number of vulnerabilities have been identified in Mozilla
        Firefox, Mozilla Firefox ESR and Thunderbird. [1]


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "CVE-2014-1547, CVE-2014-1548: Mozilla developers and community
        identified and fixed several memory safety bugs in the browser
        engine used in Firefox and other Mozilla-based products. Some of
        these bugs showed evidence of memory corruption under certain
        circumstances, and we presume that with enough effort at least
        some of these could be exploited to run arbitrary code." [2]

        "CVE-2014-1549: Using the Address Sanitizer tool, security
        researcher Atte Kettunen from OUSPG discovered a buffer overflow
        during interaction with the Web Audio buffer for playback because
        of an error in the amount of allocated memory for buffers. This
        leads to a potentially exploitable crash with some audio
        content." [3]

        "CVE-2014-1550: Using the Address Sanitizer tool, security
        researcher Atte Kettunen from OUSPG discovered a use-after-free in
        Web Audio due to an issue with how control messages for Web Audio
        are ordered and processed. This leads to a potentially exploitable
        crash." [4]

        "CVE-2014-1551: Mozilla community member James Kitchener reported
        a crash in DirectWrite when rendering MathML content with specific
        fonts due to an error in how font resources and tables are
        handled. This leads to use-after-free of a DirectWrite font-face
        object, resulting in a potentially exploitable crash." [5]

        "CVE-2014-1561: Mozilla developers David Chan and Gijs Kruitbosch
        reported that it is possible to create a drag and drop event in
        web content which mimics the behavior of a chrome customization
        event. This can occur when a user is customizing a page or panel.
        This results in a limited ability to move UI icons within the
        visible window but does not otherwise affect customization or
        window content." [6]

        "CVE-2014-1555: Security researcher Jethro Beekman of the
        University of California, Berkeley reported a crash when the
        FireOnStateChange event is triggered in some circumstances. This
        leads to a use-after-free and a potentially exploitable crash when
        it occurs." [7]

        "CVE-2014-1556: Developer Patrick Cozzi reported a crash in some
        circumstances when using the Cesium JavaScript library to generate
        WebGL content. Mozilla developers determined that this crash is
        potentially exploitable." [8]

        "CVE-2014-1544: Security researchers Tyson Smith and Jesse
        Schwartzentruber used the Address Sanitizer tool while fuzzing to
        discover a use-after-free error resulting in a crash. This is a
        result of a pair of NSSCertificate structures being added to a
        trust domain and then one of them is removed while they are still
        in use by the trusted cache. This crash is potentially
        exploitable." [9]

        "CVE-2014-1557: Mozilla community member John reported a crash in
        the Skia library when scaling high quality images if the scaling
        operation takes too long. This is caused by the image data being
        discarded while still in use by the scaling operation. This crash
        is potentially exploitable on some systems." [10]

        "CVE-2014-1558, CVE-2014-1559, CVE-2014-1560: Mozilla security
        researcher Christian Holler discovered several issues while
        fuzzing the parsing of SSL certificates. Two of these issues were
        a result of using characters that are not UTF-8 in certificates
        when various functions expected all strings to be UTF-8 format.
        The third issue was a result of using characters that were not
        ASCII in certificates while a function expected only ASCII
        formatted text. All of these issues cause the certificates to be
        incorrectly parsed, leading to a potential inability to use valid
        SSL certificates." [11]

        "CVE-2014-1552: Mozilla developer Boris Zbarsky discovered an
        issue where network-level redirects cause an <iframe> sandbox to
        forget its unique origin and behave as if the allow-same-origin
        keyword were applied. This allows the sandboxed content to access
        other content from the same origin without explicit
        approval." [12]


MITIGATION

        It is recommended that users update to the latest versions of
        Mozilla Firefox, Firefox ESR and Thunderbird to correct these
        issues. [1 - 12]


REFERENCES

        [1] Security Advisories for Firefox
            https://www.mozilla.org/security/known-vulnerabilities/firefox.html

        [2] Mozilla Foundation Security Advisory 2014-56
            https://www.mozilla.org/security/announce/2014/mfsa2014-56.html

        [3] Mozilla Foundation Security Advisory 2014-57
            https://www.mozilla.org/security/announce/2014/mfsa2014-57.html

        [4] Mozilla Foundation Security Advisory 2014-58
            https://www.mozilla.org/security/announce/2014/mfsa2014-58.html

        [5] Mozilla Foundation Security Advisory 2014-59
            https://www.mozilla.org/security/announce/2014/mfsa2014-59.html

        [6] Mozilla Foundation Security Advisory 2014-60
            https://www.mozilla.org/security/announce/2014/mfsa2014-60.html

        [7] Mozilla Foundation Security Advisory 2014-61
            https://www.mozilla.org/security/announce/2014/mfsa2014-61.html

        [8] Mozilla Foundation Security Advisory 2014-62
            https://www.mozilla.org/security/announce/2014/mfsa2014-62.html

        [9] Mozilla Foundation Security Advisory 2014-63
            https://www.mozilla.org/security/announce/2014/mfsa2014-63.html

        [10] Mozilla Foundation Security Advisory 2014-64
             https://www.mozilla.org/security/announce/2014/mfsa2014-64.html

        [11] Mozilla Foundation Security Advisory 2014-65
             https://www.mozilla.org/security/announce/2014/mfsa2014-65.html

        [12] Mozilla Foundation Security Advisory 2014-66
             https://www.mozilla.org/security/announce/2014/mfsa2014-66.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================