USN-3076-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3076-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3076-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3076-1
Related
Published
2016-09-22T16:35:26.860742Z
Modified
2016-09-22T16:35:26.860742Z
Summary
firefox vulnerabilities
Details

Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827)

Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)

Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)

Abhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271)

Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)

A crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273)

A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)

A buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275)

A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)

A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277)

A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278)

Rafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279)

Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280)

Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281)

Richard Newman discovered that favicons can be loaded through protocols not in the allowlist, such as jar:. (CVE-2016-5282)

Gavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283)

An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284)

References

Affected packages

Ubuntu:14.04:LTS / firefox

Package

Name
firefox
Purl
pkg:deb/ubuntu/firefox@49.0+build4-0ubuntu0.14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
49.0+build4-0ubuntu0.14.04.1

Affected versions

24.*

24.0+build1-0ubuntu1

25.*

25.0+build3-0ubuntu0.13.10.1

28.*

28.0~b2+build1-0ubuntu2
28.0+build1-0ubuntu1
28.0+build2-0ubuntu1
28.0+build2-0ubuntu2

29.*

29.0+build1-0ubuntu0.14.04.2

30.*

30.0+build1-0ubuntu0.14.04.3

31.*

31.0+build1-0ubuntu0.14.04.1

32.*

32.0+build1-0ubuntu0.14.04.1
32.0.3+build1-0ubuntu0.14.04.1

33.*

33.0+build2-0ubuntu0.14.04.1

34.*

34.0+build2-0ubuntu0.14.04.1

35.*

35.0+build3-0ubuntu0.14.04.2
35.0.1+build1-0ubuntu0.14.04.1

36.*

36.0+build2-0ubuntu0.14.04.4
36.0.1+build2-0ubuntu0.14.04.1
36.0.4+build1-0ubuntu0.14.04.1

37.*

37.0+build2-0ubuntu0.14.04.1
37.0.1+build1-0ubuntu0.14.04.1
37.0.2+build1-0ubuntu0.14.04.1

38.*

38.0+build3-0ubuntu0.14.04.1

39.*

39.0+build5-0ubuntu0.14.04.1
39.0.3+build2-0ubuntu0.14.04.1

40.*

40.0+build4-0ubuntu0.14.04.1
40.0+build4-0ubuntu0.14.04.4
40.0.3+build1-0ubuntu0.14.04.1

41.*

41.0+build3-0ubuntu0.14.04.1
41.0.1+build2-0ubuntu0.14.04.1
41.0.2+build2-0ubuntu0.14.04.1

42.*

42.0+build2-0ubuntu0.14.04.1

43.*

43.0+build1-0ubuntu0.14.04.1
43.0.4+build3-0ubuntu0.14.04.1

44.*

44.0+build3-0ubuntu0.14.04.1
44.0.1+build2-0ubuntu0.14.04.1
44.0.2+build1-0ubuntu0.14.04.1

45.*

45.0+build2-0ubuntu0.14.04.1
45.0.1+build1-0ubuntu0.14.04.2
45.0.2+build1-0ubuntu0.14.04.1

46.*

46.0+build5-0ubuntu0.14.04.2
46.0.1+build1-0ubuntu0.14.04.3

47.*

47.0+build3-0ubuntu0.14.04.1

48.*

48.0+build2-0ubuntu0.14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "firefox-locale-nl": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-kn": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-gl": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sv": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-eo": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-fy": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-or": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-az": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-lt": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-hy": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-kk": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-km": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-uk": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sr": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ca": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-is": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-dbg": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-testsuite": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ga": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-it": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ja": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-lg": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ms": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-dev": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-mozsymbols": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ko": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-hr": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-mai": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-nb": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-zh-hans": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-vi": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-he": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sw": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-el": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-oc": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-xh": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-nn": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ar": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-csb": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-hsb": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-cs": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-gn": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-zu": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ro": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-globalmenu": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-af": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-nso": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sk": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-si": "49.0+build4-0ubuntu0.14.04.1",
            "firefox": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-cy": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-dbgsym": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-cak": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sq": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-en": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-tr": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-br": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-et": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ast": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-th": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-da": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-fi": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ku": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-fa": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-mn": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ru": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-mk": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-bg": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-hu": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-gu": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-bn": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ml": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-an": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-be": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-eu": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-fr": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-pa": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-as": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-lv": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-mr": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-bs": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-te": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ta": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-ka": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-id": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-gd": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-hi": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-uz": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-pl": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-es": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-de": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-zh-hant": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-pt": "49.0+build4-0ubuntu0.14.04.1",
            "firefox-locale-sl": "49.0+build4-0ubuntu0.14.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / firefox

Package

Name
firefox
Purl
pkg:deb/ubuntu/firefox@49.0+build4-0ubuntu0.16.04.1?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
49.0+build4-0ubuntu0.16.04.1

Affected versions

41.*

41.0.2+build2-0ubuntu1

42.*

42.0+build2-0ubuntu1

44.*

44.0+build3-0ubuntu2
44.0.1+build1-0ubuntu1
44.0.2+build1-0ubuntu1

45.*

45.0+build2-0ubuntu1
45.0.1+build1-0ubuntu1
45.0.2+build1-0ubuntu1

46.*

46.0+build5-0ubuntu0.16.04.2
46.0.1+build1-0ubuntu0.16.04.2

47.*

47.0+build3-0ubuntu0.16.04.1

48.*

48.0+build2-0ubuntu0.16.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "firefox-locale-nl": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-kn": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-gl": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sv": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-eo": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-fy": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-or": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-az": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-lt": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-hy": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-kk": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-km": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-uk": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sr": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ca": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-is": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-dbg": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-testsuite": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ga": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-it": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ja": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-lg": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ms": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-dev": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-mozsymbols": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ko": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-hr": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-mai": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-nb": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-zh-hans": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-vi": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-he": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sw": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-el": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-oc": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-xh": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-nn": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ar": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-csb": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-hsb": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-cs": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-gn": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-zu": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ro": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-globalmenu": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-af": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-nso": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sk": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-si": "49.0+build4-0ubuntu0.16.04.1",
            "firefox": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-cy": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-dbgsym": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-cak": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sq": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-en": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-tr": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-br": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-et": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ast": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-th": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-da": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-fi": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ku": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-fa": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-mn": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ru": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-mk": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-bg": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-hu": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-gu": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-bn": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ml": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-an": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-be": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-eu": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-fr": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-pa": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-as": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-lv": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-mr": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-bs": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-te": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ta": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-ka": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-id": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-gd": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-hi": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-uz": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-pl": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-es": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-de": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-zh-hant": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-pt": "49.0+build4-0ubuntu0.16.04.1",
            "firefox-locale-sl": "49.0+build4-0ubuntu0.16.04.1"
        }
    ]
}