MGASA-2015-0382

Updated firefox packages fix security vulnerabilities:

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox that could cause memory corruption and crashes or potentially allow for arbitrary code execution (CVE-2015-4500).

Using the Address Sanitizer tool, security researcher Atte Kettunen discovered a buffer overflow in the nestegg library when decoding a WebM format video with maliciously formatted headers. This leads to a potentially exploitable crash (CVE-2015-4511).

An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free vulnerability with HTML media elements on a page during script manipulation of the URI table of these elements. This results in a potentially exploitable crash (CVE-2015-4509).

Security researcher Mario Gomes reported that when a previously loaded image on a page is drag and dropped into content after a redirect, the redirected URL is available to scripts. This is a violation of the Fetch specification's defined behavior for "Atomic HTTP redirect handling" which states that redirected URLs are not exposed to any APIs. This can allow for information leakage (CVE-2015-4519).

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing (CORS) "preflight" requests. The first issue is that in some circumstances the same cache key can be generated for two preflight requests on a site. As a result, if a second request is made that will match the cached key generated by an earlier request, CORS checks will be bypassed because the system will see the previously cached request as applicable (CVE-2015-4520). In the second issue, when some Access-Control- headers are missing from CORS responses, the values from different Access-Control- headers can be used that present in the same response.

Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180).