CERT-In Advisory
CIAD-2014-0062
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: October 20, 2014
Severity Rating: High
Systems Affected
- Mozilla Firefox prior to 33.0
- Mozilla Firefox ESR prior to 31.2
- Mozilla Thunderbird prior to 31.2
Overview
Multiple vulnerabilities have been reported in Mozilla Products which could be exploited by remote attackers to disclose sensitive information, execute arbitrary code or cause Denial of Service (DoS) conditions on the affected systems.
Description
1. Memory Corruption Vulnerability (CVE-2014-1574)
This vulnerability exists in Mozilla products due to improper handling of memory safety bugs within the browser engine. A remote attacker could exploit this vulnerability by enticing the user to visit a specially crafted website to execute arbitrary code via unknown vectors or cause a denial of service condition.
2. Memory Corruption Vulnerability (CVE-2014-1575)
This vulnerability exists in Mozilla Firefox due to an improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp. A remote attacker could exploit this vulnerability by enticing the user to visit a specially crafted website to execute arbitrary code or cause a denial of service condition.
3. Buffer Overflow Vulnerability (CVE-2014-1576)
A buffer overflow vulnerability exists in Mozilla products due to improper bounds checking by the nsTransformedTextRun() function. A remote attacker could exploit this vulnerability via Cascading Style Sheets (CSS) token sequences to execute arbitrary code on the target system.
4. Out of Bounds Memory Corruption Vulnerability (CVE-2014-1577)
A memory corruption vulnerability exists in the Web Audio subsystem in Mozilla products due to an out-of-bounds read in mozilla::dom::OscillatorNodeEngine::ComputeCustom(). A remote attacker could exploit this vulnerability via an invalid custom waveform that triggers a calculation of a negative frequency value. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information or cause a denial of service condition.
5. Denial of Service Vulnerability (CVE-2014-1578)
This vulnerability is caused by improper handling of buffering operations during video playback in Mozilla Firefox and Thunderbird. A remote attacker could exploit this vulnerability via WebM frames with invalid tile sizes. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service on the affected system.
6. Information Disclosure Vulnerability (CVE-2014-1580)
This vulnerability exists in Mozilla Firefox due to improper initialization of memory for GIF images. A remote attacker could exploit this vulnerability via a crafted GIF image that triggers a sequence of rendering operations within a canvas element. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from process memory of the affected systems.
7. Use-After-Free Vulnerability (CVE-2014-1581)
A vulnerability has been reported in DirectionalityUtils.cpp in multiple Mozilla products due to improper handling of text during the interaction between directionality resolution and layout. A remote attacker could exploit this vulnerability to execute arbitrary code on the target system.
8. Same Origin Policy Security Bypass Vulnerability (CVE-2014-1583)
This vulnerability exists in the Alarm API in Mozilla Firefox and Firefox ESR due to improper restriction of toJSON calls. A remote attacker could exploit this vulnerability via crafted API calls to bypass the Same Origin Policy to obtain sensitive information from within the JSON data of an alarm.
9. Security Bypass Vulnerability (CVE-2014-1585)
This vulnerability exists in Mozilla Firefox, Firefox ESR and Thunderbird due to improper implementation of the WebRTC video-sharing feature in dom/media/MediaManager.cpp. A remote attacker could exploit this vulnerability by maintaining a session, which leads to obtaining sensitive information from the local camera once the user discontinues streaming.
10. Security Bypass Vulnerability (CVE-2014-1586)
This vulnerability exists in Mozilla products due to an improper implementation of the WebRTC video-sharing feature in dom/media/MediaManager.cpp. A remote attacker could exploit this vulnerability by maintaining a session, which leads to obtaining sensitive information from the local camera when the user temporarily navigates away.
Solution
Apply the appropriate fixed versions as mentioned in the Mozilla Security Advisories:
https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
https://www.mozilla.org/security/announce/2014/mfsa2014-75.html
https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
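To find the installations that still need this update, the thresholds under "Systems Affected" can be applied to a software inventory. The following is an added example, not part of the CERT-In advisory or of Mozilla's tooling; the inventory row format (host, product, version) and the sample rows are assumptions, and ESR builds are assumed to carry Mozilla's "esr" version suffix.

```python
import re

# Fixed-version thresholds taken from the "Systems Affected" list above.
FIXED = {
    "firefox": (33, 0),
    "firefox-esr": (31, 2),
    "thunderbird": (31, 2),
}

# Leading dotted number plus optional "esr"; other suffixes (e.g. beta tags) are ignored.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return (numeric tuple, is_esr) for strings such as '31.1.0esr'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))


def is_affected(product, version):
    """True when the build is older than the fixed version for its channel."""
    numbers, is_esr = parse_version(version)
    key = product.strip().lower()
    if key == "firefox" and is_esr:
        key = "firefox-esr"  # ESR builds are judged against 31.2, not 33.0
    if key not in FIXED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    fixed = FIXED[key]
    # Pad to equal length so that "33" compares equal to "33.0".
    width = max(len(numbers), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(numbers) < pad(fixed)


def triage(rows):
    """Return the hosts whose installed build still needs the update."""
    return [host for host, product, version in rows if is_affected(product, version)]


# Constructed inventory rows (host, product, version), not real data.
SAMPLE = [
    ("ws-01", "Firefox", "32.0.3"), ("ws-02", "Firefox", "33.0"),
    ("ws-03", "Firefox", "31.1.1esr"), ("ws-04", "Firefox", "31.2.0esr"),
    ("ws-05", "Thunderbird", "31.1.2"), ("ws-06", "Thunderbird", "31.2.0"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```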
Vendor Information
Mozilla
https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
https://www.mozilla.org/security/announce/2014/mfsa2014-75.html
https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
https://www.mozilla.org/security/announce/2014/mfsa2014-80.html
https://www.mozilla.org/security/announce/2014/mfsa2014-81.html
https://www.mozilla.org/security/announce/2014/mfsa2014-82.html
References
Security Focus
http://www.securityfocus.com/bid/70436
http://www.securityfocus.com/bid/70439
http://www.securityfocus.com/bid/70430
http://www.securityfocus.com/bid/70440
http://www.securityfocus.com/bid/70428
http://www.securityfocus.com/bid/70431
http://www.securityfocus.com/bid/70426
http://www.securityfocus.com/bid/70424
http://www.securityfocus.com/bid/70425
http://www.securityfocus.com/bid/70427
Security Tracker
http://www.securitytracker.com/id/1031030
http://www.securitytracker.com/id/1031028
CVE Name
CVE-2014-1574
CVE-2014-1575
CVE-2014-1576
CVE-2014-1577
CVE-2014-1578
CVE-2014-1580
CVE-2014-1581
CVE-2014-1583
CVE-2014-1585
CVE-2014-1586
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India