===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0087
    A number of vulnerabilities have been identified in Mozilla Firefox
                              28 August 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-4498 CVE-2015-4497 
Member content until: Sunday, September 27 2015

OVERVIEW

        A number of vulnerabilities have been identified in Mozilla Firefox
        versions prior to 40.0.3 and in Mozilla Firefox ESR versions prior to
        38.2.1. [1]


IMPACT

        The vendor has provided the following details regarding these 
        issues:
        
        CVE-2015-4497: "Mozilla community member Jean-Max Reymond discovered
        a use-after-free vulnerability with a <canvas> element on a page. 
        This occurs when a resize event is triggered in concert with style 
        changes but the canvas references have been recreated in the 
        meantime, destroying the originally referenced context. This results
        in an exploitable crash.
        
        Ucha Gobejishvili, working with HP's Zero Day Initiative, 
        subsequently reported this same issue." [1]
        
        CVE-2015-4498: "Security researcher Bas Venis reported a mechanism 
        where add-ons could be installed from a different source than user 
        expectations. Normally, when a user enters the URL to an add-on 
        directly in the addressbar, warning prompts are bypassed because it
        is the result of direct user action. He discovered that a data: URL
        could be manipulated on a loaded page to simulate this direct user 
        input of the add-on's URL, which would result in a bypassing of the
        install permission prompt. He also reported that in the absence of 
        the permission prompt, it is possible to cause the actual 
        installation prompt to appear above another site's location by 
        causing a page navigation immediately after triggering add-on 
        installation. This could manipulate a user into falsely believing a
        trusted site (such as addons.mozilla.org) has initiated the 
        installation. This could lead to users installing an add-on from a 
        malicious source." [2]


MITIGATION

        The vendor recommends updating to the latest versions of Mozilla 
        Firefox to correct these issues. [1, 2]
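        The following Python snippet is an added example (not AusCERT's or
        Mozilla's code) for checking whether an installed Firefox is at or
        above the fixed versions named in this bulletin. It assumes the two
        release branches are distinguished by major version: 38.x is compared
        against ESR 38.2.1, every other version against mainline 40.0.3, so a
        39.x or 40.0.2 build is reported as unpatched.

```python
import re
import subprocess
from typing import Tuple

# Fixed versions from the bulletin: mainline 40.0.3, ESR 38.2.1.
MAINLINE_FIXED = (40, 0, 3)
ESR38_FIXED = (38, 2, 1)

_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[Tuple[int, int, int], bool]:
    """Parse a version such as '40.0.3', '38.2.1esr' or the output of
    `firefox --version` ('Mozilla Firefox 40.0.3').
    Returns ((major, minor, patch), is_esr); missing fields default to 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.group(1, 2, 3))
    return (major, minor, patch), "esr" in text.lower()


def is_patched(text: str) -> bool:
    """True if the version includes the fixes for CVE-2015-4497/4498.
    Assumption: the 38.x branch is ESR and is judged against 38.2.1;
    everything else is judged against the mainline fix, 40.0.3."""
    version, _ = parse_version(text)
    if version[0] == 38:
        return version >= ESR38_FIXED
    return version >= MAINLINE_FIXED


def installed_firefox_patched(binary: str = "firefox") -> bool:
    """Query the local Firefox binary (hypothetical path) and check it.
    Raises FileNotFoundError if no such binary is on PATH."""
    out = subprocess.run([binary, "--version"], capture_output=True,
                         text=True, check=True).stdout
    return is_patched(out)


if __name__ == "__main__":
    # Constructed sample strings, as `firefox --version` would print them.
    for sample in ("Mozilla Firefox 40.0.2", "Mozilla Firefox 40.0.3",
                   "Mozilla Firefox 38.2.0esr", "Mozilla Firefox 38.2.1esr"):
        print(sample, "->", "patched" if is_patched(sample) else "UPDATE NEEDED")
```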


REFERENCES

        [1] Mozilla Foundation Security Advisory 2015-94
            https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/

        [2] Mozilla Foundation Security Advisory 2015-95
            https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================