Firefox could be made to crash if it opened a malicious website.
Ubuntu have just released a security notice regarding Firefox vulberability which affects Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS and Ubuntu 12.04 LTS.
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit or conduct cross-site scripting (XSS) attacks.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 15.10:
- firefox 42.0+build2-0ubuntu0.15.10.1
- Ubuntu 15.04:
- firefox 42.0+build2-0ubuntu0.15.04.1
- Ubuntu 14.04 LTS:
- firefox 42.0+build2-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
- firefox 42.0+build2-0ubuntu0.12.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make all the necessary changes.
Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7181, CVE-2015-7182)
Ryan Sleevi discovered an integer overflow in NSPR. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7183)
Jason Hamilton, Peter Arremann and Sylvain Giroux discovered that panels created via the Addon SDK with { script: false } could still execute inline script. If a user installed an addon that relied on this as a security mechanism, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, depending on the source of the panel content. (CVE-2015-7187)
Michał Bentkowski discovered that adding white-space to hostnames that are IP address can bypass same-origin protections. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2015-7188)
Looben Yang discovered a buffer overflow during script interactions with the canvas element in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7189)
Shinto K Anto discovered that CORS preflight is bypassed when receiving non-standard Content-Type headers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions. (CVE-2015-7193)
Gustavo Grieco discovered a buffer overflow in libjar in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7194)
Frans Rosén discovered that certain escaped characters in the Location header are parsed incorrectly, resulting in a navigation to the previously parsed version of a URL. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain site specific tokens. (CVE-2015-7195)
Vytautas Staraitis discovered a garbage collection crash when interacting with Java applets in some circumstances. If a user were tricked in to opening a specially crafted website with the Java plugin installed, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7196)
Ehsan Akhgari discovered a mechanism for a web worker to bypass secure requirements for web sockets. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to bypass the mixed content web socket policy. (CVE-2015-7197)
Ronald Crane discovered several vulnerabilities through code-inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7198, CVE-2015-7199, CVE-2015-7200)
