CERT-In Advisory
CIAD-2014-0055
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: September 10, 2014
Severity Rating: High
Systems Affected
- Mozilla Firefox versions prior to 32.0
- Thunderbird versions prior to 31.1
- Firefox ESR versions prior to 31.1
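To find installations covered by this advisory, the following added example (not part of the CERT-In advisory or of any Mozilla tooling) classifies product version strings against the three thresholds listed above. The inventory line format, the hostnames and the function names are assumptions made for illustration.

```python
import re

# Fixed-in versions from the advisory's "Systems Affected" list.
FIXED = {"firefox": (32, 0), "firefox-esr": (31, 1), "thunderbird": (31, 1)}

# Assumed inventory format: "Mozilla Firefox 31.0", "Mozilla Firefox 24.8.0esr",
# "Mozilla Thunderbird 24.8.0". A trailing "esr" marks the ESR channel.
LINE_RE = re.compile(
    r"^(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\b", re.I)


def classify(line):
    """Return (product, version_tuple, affected), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    version = tuple(int(part) for part in m.group(2).split("."))
    fixed = FIXED[product]
    # Compare numerically, not as strings, and pad short versions so that
    # "32" is treated as "32.0" rather than as older than it.
    padded = version + (0,) * max(0, len(fixed) - len(version))
    return product, version, padded < fixed


def affected_hosts(inventory):
    """inventory: iterable of (host, version_line); returns affected entries."""
    hits = []
    for host, line in inventory:
        result = classify(line)
        if result and result[2]:
            product, version, _ = result
            hits.append((host, product, ".".join(map(str, version))))
    return hits


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    ("ws-01", "Mozilla Firefox 31.0"),
    ("ws-02", "Mozilla Firefox 32.0"),
    ("ws-03", "Mozilla Firefox 31.1.0esr"),
    ("ws-04", "Mozilla Firefox 24.8.0esr"),
    ("ws-05", "Mozilla Thunderbird 31.0"),
    ("ws-06", "Mozilla Thunderbird 31.1.1"),
]
```

The ESR channel has its own threshold, so the same version number can be fixed on ESR and still affected on the release channel; lines that do not parse are skipped and should be reviewed by hand.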
Overview
Multiple vulnerabilities have been reported in Mozilla Firefox, Firefox ESR and Thunderbird which could allow remote attackers to disclose sensitive information, execute arbitrary code and cause a denial of service condition on the affected systems.
Description
1. Multiple Memory Corruption Vulnerabilities
(CVE-2014-1554, CVE-2014-1562, CVE-2014-1553)
Multiple unspecified vulnerabilities have been reported in the browser engine in multiple Mozilla products. A remote attacker could exploit these vulnerabilities with a specially crafted HTML page which, upon loading on the affected systems, could trigger execution of arbitrary code or cause a denial of service condition (memory corruption and application crash).
2. Use-after-free vulnerability
(CVE-2014-1563)
A use-after-free vulnerability has been reported in the mozilla::DOMSVGLength::GetTearOff function in multiple Mozilla products. A remote attacker could exploit this vulnerability via SVG animation with DOM interaction, which could trigger incorrect cycle collection. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service condition on the affected systems.
3. Information Disclosure Vulnerability
(CVE-2014-1564)
This vulnerability is caused by improper initialization of memory for GIF rendering in multiple Mozilla products. A remote attacker could exploit this vulnerability via a crafted web script that interacts with a CANVAS element associated with a malformed GIF image. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from process memory of the affected system.
4. Information Disclosure and Denial of Service (DoS) Vulnerability
(CVE-2014-1565)
This vulnerability is caused by improper audio timeline creation by the mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in multiple Mozilla products. A remote attacker could exploit this vulnerability via specially crafted API calls. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) on the affected system.
5. Android Information Disclosure Vulnerability
(CVE-2014-1566)
An information disclosure vulnerability has been reported in Mozilla Firefox for Android. The vulnerability exists because Mozilla Firefox on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs. A remote attacker could exploit this vulnerability by creating a specially crafted 'file:' URL which, when loaded by the target user, accesses a local file in the Firefox profile directory and copies the data to the SD card without user intervention. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from the Firefox profile directory. This vulnerability exists because of an incomplete fix for CVE-2014-1515.
6. Use-after-free Vulnerability
(CVE-2014-1567)
A use-after-free vulnerability has been reported in DirectionalityUtils.cpp in multiple Mozilla products. A remote attacker could exploit this vulnerability via text that is improperly handled during the interaction between directionality resolution and layout. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
Solution
Apply appropriate patches as mentioned in the Mozilla Security Advisory
https://www.mozilla.org/security/announce/2014/mfsa2014-67.html
Vendor Information
Mozilla
https://www.mozilla.org/security/announce/2014/mfsa2014-67.html
References
Security Focus
http://www.securityfocus.com/bid/69519
http://www.securityfocus.com/bid/69523
http://www.securityfocus.com/bid/69524
http://www.securityfocus.com/bid/69525
http://www.securityfocus.com/bid/69521
http://www.securityfocus.com/bid/69522
http://www.securityfocus.com/bid/69520
Security Database
https://www.security-database.com/detail.php?alert=CVE-2014-1553
https://www.security-database.com/detail.php?alert=CVE-2014-1554
https://www.security-database.com/detail.php?alert=CVE-2014-1562
https://www.security-database.com/detail.php?alert=CVE-2014-1563
https://www.security-database.com/detail.php?alert=CVE-2014-1564
https://www.security-database.com/detail.php?alert=CVE-2014-1565
https://www.security-database.com/detail.php?alert=CVE-2014-1566
https://www.security-database.com/detail.php?alert=CVE-2014-1567
Security tracker
http://www.securitytracker.com/id/1030792
http://www.securitytracker.com/id/1030793
http://www.securitytracker.com/id/1030794
CVE Name
CVE-2014-1554
CVE-2014-1562
CVE-2014-1563
CVE-2014-1553
CVE-2014-1564
CVE-2014-1565
CVE-2014-1566
CVE-2014-1567
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India