Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0266.2
Firefox vulnerabilities
7 February 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: firefox
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-5396 CVE-2017-5393 CVE-2017-5391
CVE-2017-5390 CVE-2017-5389 CVE-2017-5388
CVE-2017-5387 CVE-2017-5386 CVE-2017-5385
CVE-2017-5384 CVE-2017-5383 CVE-2017-5382
CVE-2017-5381 CVE-2017-5380 CVE-2017-5379
CVE-2017-5378 CVE-2017-5377 CVE-2017-5376
CVE-2017-5375 CVE-2017-5374 CVE-2017-5373
Original Bulletin:
http://www.ubuntu.com/usn/usn-3175-2
http://www.ubuntu.com/usn/usn-3175-1
Revision History: February 7 2017: USN-3175-1 introduced a regression in Firefox
January 30 2017: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
==========================================================================
Ubuntu Security Notice USN-3175-2
February 06, 2017
firefox regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- - Ubuntu 16.10
- - Ubuntu 16.04 LTS
- - Ubuntu 14.04 LTS
- - Ubuntu 12.04 LTS
Summary:
USN-3175-1 introduced a regression in Firefox.
Software Description:
- - firefox: Mozilla Open Source web browser
Details:
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
rash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)
Nicolas Gregoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5376)
Atte Kettunen discovered a memory corruption issue in Skia in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5377)
Jann Horn discovered that an object's address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5378)
A use-after-free was discovered in Web Animations in some circumstances.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2017-5379)
A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2017-5380)
Jann Horn discovered that the "export" function in the Certificate Viewer
can force local filesystem navigation when the Common Name contains
slashes. If a user were tricked in to exporting a specially crafted
certificate, an attacker could potentially exploit this to save content
with arbitrary filenames in unsafe locations. (CVE-2017-5381)
Jerri Rice discovered that the Feed preview for RSS feeds can be used to
capture errors and exceptions generated by privileged content. An attacker
could potentially exploit this to obtain sensitive information.
(CVE-2017-5382)
Armin Razmjou discovered that certain unicode glyphs do not trigger
punycode display. An attacker could potentially exploit this to spoof the
URL bar contents. (CVE-2017-5383)
Paul Stone and Alex Chapman discovered that the full URL path is exposed
to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a
user has enabled Web Proxy Auto Detect (WPAD), an attacker could
potentially exploit this to obtain sensitive information. (CVE-2017-5384)
Muneaki Nishimura discovered that data sent in multipart channels will
ignore the Referrer-Policy response headers. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5385)
Muneaki Nishimura discovered that WebExtensions can affect other
extensions using the data: protocol. If a user were tricked in to
installing a specially crafted addon, an attacker could potentially
exploit this to obtain sensitive information or gain additional
privileges. (CVE-2017-5386)
Mustafa Hasan discovered that the existence of local files can be
determined using the <track> element. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2017-5387)
Cullen Jennings discovered that WebRTC can be used to generate large
amounts of UDP traffic. An attacker could potentially exploit this to
conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)
Kris Maglione discovered that WebExtensions can use the mozAddonManager
API by modifying the CSP headers on sites with the appropriate permissions
and then using host requests to redirect script loads to a malicious site.
If a user were tricked in to installing a specially crafted addon, an
attacker could potentially exploit this to install additional addons
without user permission. (CVE-2017-5389)
Jerri Rice discovered insecure communication methods in the Dev Tools JSON
Viewer. An attacker could potentially exploit this to gain additional
privileges. (CVE-2017-5390)
Jerri Rice discovered that about: pages used by content can load
privileged about: pages in iframes. An attacker could potentially exploit
this to gain additional privileges, in combination with a
content-injection bug in one of those about: pages. (CVE-2017-5391)
Stuart Colville discovered that mozAddonManager allows for the
installation of extensions from the CDN for addons.mozilla.org, a publicly
accessible site. If a user were tricked in to installing a specially
crafted addon, an attacker could potentially exploit this, in combination
with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to
install additional addons. (CVE-2017-5393)
Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5396)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
firefox 51.0.1+build2-0ubuntu0.16.10.2
Ubuntu 16.04 LTS:
firefox 51.0.1+build2-0ubuntu0.16.04.2
Ubuntu 14.04 LTS:
firefox 51.0.1+build2-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:
firefox 51.0.1+build2-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3175-2
http://www.ubuntu.com/usn/usn-3175-1
https://launchpad.net/bugs/1659922
Package Information:
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.10.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.14.04.2
https://launchpad.net/ubuntu/+source/firefox/51.0.1+build2-0ubuntu0.12.04.2
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWJlQl4x+lLeg9Ub1AQhUcRAAoXIKEhHzf2ebo5FSBLEwdNrEIJmV3+mD
CxdJy8YWHBwTwYT5KMKp7OIZXzD+gfrHDtHmSpUiT/pupdxXDMPoXY1AlWaDeGvU
M7CWcWnRslm78eBPTjWHCoR1XJsi5Fe7aM3vwO8IV/2l//ZBAS94ec0LuEv3kYvm
/OPOHwjuaDq6DAHdODIFf9gYwFZo7inOR4k0ty/mJNMgp1yTXs3ePzBQrGz3fdMN
W2Y4wXn7HKTHtrYBYgAYHKdxlIauwYhkEL4Knj0Hwf5pK5tYgui+DfCdaNlymLls
FmdkyvW+OfiWPC+NasGM2ICWrOisaLRmSPYMPUa7YQFU5PgKIbwnhOg+8Oqiajvb
z6ZfQYgYSx+LcYcD01jrUxHVdCtHSNs4kO+WVJ/0gwGIky7HS9K56ptu8d4nXh5f
JHsH+7Isg0L0leFGuwBXaXEOT99uz9kMzxuCpx465Txo4mKIMLl5OPAnCmu1CGLj
gv6cWryi09/aDrXxmbNW4KuVcDSmQC63beeo61ZTy1I/c0CCA10yG9bqtAyb8q7a
BeYChT1uy1Jf9RZ1C70WMcwZNOxGydAl3CI9sReUiWoC3w5hCjA2FBk22qAyoeJo
GwrlwKNYRw837mWotyOlQzE4eyoHW+URdRUX1U/OTjSmt2mx6wxFdvjw6YMM0ohF
s9R1CMm5yzw=
=4Y/l
-----END PGP SIGNATURE-----