USN-3044-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3044-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3044-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3044-1
Related
  • CVE-2016-0718
  • CVE-2016-2830
  • CVE-2016-2835
  • CVE-2016-2836
  • CVE-2016-2837
  • CVE-2016-2838
  • CVE-2016-2839
  • CVE-2016-5250
  • CVE-2016-5251
  • CVE-2016-5252
  • CVE-2016-5254
  • CVE-2016-5255
  • CVE-2016-5258
  • CVE-2016-5259
  • CVE-2016-5260
  • CVE-2016-5261
  • CVE-2016-5262
  • CVE-2016-5263
  • CVE-2016-5264
  • CVE-2016-5265
  • CVE-2016-5266
  • CVE-2016-5268
Published
2016-08-05T12:39:55.524086Z
Modified
2016-08-05T12:39:55.524086Z
Summary
firefox vulnerabilities
Details

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718)

Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacked could potentially exploit this to track users, resulting in information disclosure. (CVE-2016-2830)

Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)

A buffer overflow was discovered in the ClearKey Content Decryption Module (CDM) during video playback. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via plugin process crash, or, in combination with another vulnerability to escape the GMP sandbox, execute arbitrary code. (CVE-2016-2837)

Atte Kettunen discovered a buffer overflow when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2838)

Bert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-2839)

Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250)

Firas Salem discovered an issue with non-ASCII and emoji characters in data: URLs. An attacker could potentially exploit this to spoof the addressbar contents. (CVE-2016-5251)

Georg Koppen discovered a stack buffer underflow during 2D graphics rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5252)

Abhishek Arya discovered a use-after-free when the alt key is used with top-level menus. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5254)

Jukka Jylänki discovered a crash during garbage collection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5255)

Looben Yang discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5258)

Looben Yang discovered a use-after-free when working with nested sync events in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5259)

Mike Kaply discovered that plain-text passwords can be stored in session restore if an input field type is changed from "password" to "text" during a session, leading to information disclosure. (CVE-2016-5260)

Samuel Groß discovered an integer overflow in WebSockets during data buffering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5261)

Nikita Arykov discovered that JavaScript event handlers on a <marquee> element can execute in a sandboxed iframe without the allow-scripts flag set. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-5262)

A type confusion bug was discovered in display transformation during rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5263)

A use-after-free was discovered when applying effects to SVG elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5264)

Abdulrahman Alqabandi discovered a same-origin policy violation relating to local HTML files and saved shortcut files. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5265)

Rafael Gieschke discovered an information disclosure issue related to drag and drop. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5266)

A text injection issue was discovered with about: URLs. An attacker could potentially exploit this to spoof internal error pages. (CVE-2016-5268)

References

Affected packages

Ubuntu:14.04:LTS / firefox

Package

Name
firefox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
48.0+build2-0ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "firefox-locale-nl": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-kn": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-gl": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sv": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-kk": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-fy": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-or": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-az": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-lt": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-hy": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-eo": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-km": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-testsuite": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sr": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-is": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ca": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-uk": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ga": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-it": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ja": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-lg": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ms": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-zh-hans": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-mozsymbols": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ko": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-hr": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-mai": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-nb": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-dev": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-vi": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-he": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sw": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-el": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-oc": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-xh": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-nn": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ar": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-csb": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-cs": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-gn": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-hsb": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-zu": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ro": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-globalmenu": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-af": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-nso": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sk": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-si": "48.0+build2-0ubuntu0.14.04.1",
            "firefox": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-cy": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-fa": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-cak": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sq": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-en": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-tr": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-br": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-et": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ast": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-th": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-da": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-fi": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ku": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-mn": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ru": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-mk": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-bg": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-hu": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-gu": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-bn": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ml": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-an": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-be": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-eu": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-fr": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-pa": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-as": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-lv": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-pl": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-gd": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-te": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ta": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-ka": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-id": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-bs": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-hi": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-zh-hant": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-mr": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-es": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-sl": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-uz": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-pt": "48.0+build2-0ubuntu0.14.04.1",
            "firefox-locale-de": "48.0+build2-0ubuntu0.14.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / firefox

Package

Name
firefox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
48.0+build2-0ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "firefox-locale-nl": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-kn": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-gl": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sv": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-kk": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-fy": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-or": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-az": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-lt": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-hy": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-eo": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-km": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-testsuite": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sr": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-is": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ca": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-uk": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ga": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-it": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ja": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-lg": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ms": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-zh-hans": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-mozsymbols": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ko": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-hr": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-mai": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-nb": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-dev": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-vi": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-he": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sw": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-el": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-oc": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-xh": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-nn": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ar": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-csb": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-cs": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-gn": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-hsb": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-zu": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ro": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-globalmenu": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-af": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-nso": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sk": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-si": "48.0+build2-0ubuntu0.16.04.1",
            "firefox": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-cy": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-fa": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-cak": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sq": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-en": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-tr": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-br": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-et": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ast": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-th": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-da": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-fi": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ku": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-mn": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ru": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-mk": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-bg": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-hu": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-gu": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-bn": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ml": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-an": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-be": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-eu": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-fr": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-pa": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-as": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-lv": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-pl": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-gd": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-te": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ta": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-ka": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-id": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-bs": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-hi": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-zh-hant": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-mr": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-es": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-sl": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-uz": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-pt": "48.0+build2-0ubuntu0.16.04.1",
            "firefox-locale-de": "48.0+build2-0ubuntu0.16.04.1"
        }
    ]
}