CERT-In Advisory
CIAD-2015-0066
Multiple Vulnerabilities in Mozilla Products
Original Issue Date: November 30, 2015
Severity Rating: High
Software Affected
- Mozilla Firefox version prior to 33.0 ESR 31.2
Overview
Multiple vulnerabilities have been reported in Mozilla products that could be exploited by remote attackers to execute arbitrary code, obtain potentially sensitive information, bypass security restrictions, or cause denial of service (DoS) conditions on systems running an affected version of the software.
Description
1. Memory Corruption Vulnerabilities
(CVE-2015-4513, CVE-2015-4514)
Memory corruption vulnerabilities exist in Mozilla Firefox. A remote attacker could exploit these vulnerabilities by triggering memory corruption errors to execute arbitrary code via unknown vectors or cause denial of service conditions on the affected systems.
2. Information Disclosure Vulnerability
(CVE-2015-4515)
A vulnerability exists in Mozilla Firefox when NTLM v1 is enabled for HTTP authentication. A remote attacker could exploit this vulnerability by enticing the user to visit a specially crafted website that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.
3. Cross-site scripting (XSS) Vulnerability
(CVE-2015-4518)
This vulnerability exists in the Reader View implementation in Mozilla Firefox and is caused by an improper whitelist. A remote attacker could exploit this vulnerability via the about:reader URL, using vectors involving SVG animations, to bypass the Content Security Policy (CSP) protection mechanism and conduct attacks such as cross-site scripting (XSS).
4. Address bar Spoofing Vulnerability
(CVE-2015-7185)
This vulnerability exists in Mozilla for Android due to its failure to properly validate the address bar when exiting full screen mode. A remote attacker could exploit this vulnerability to spoof the address bar via crafted JavaScript code.
5. Same Origin Policy Security Bypass Vulnerability
(CVE-2015-7186)
This vulnerability exists in Mozilla for Android. A remote attacker could exploit this vulnerability via a file: URL in a saved HTML document to trigger file download or opening of cached profile data to bypass the Same Origin Policy.
6. Cross-site scripting Vulnerability
(CVE-2015-7187)
A vulnerability exists in the Add-on SDK in Mozilla Firefox due to misinterpretation of a "script: false" panel setting. A remote attacker could exploit this vulnerability by executing inline JavaScript within a third-party extension. Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks.
7. Same Origin Policy Security Bypass Vulnerability
(CVE-2015-7188)
This vulnerability exists in Mozilla Firefox and Firefox ESR and is caused by an error in handling trailing whitespace in an IP address hostname. A remote attacker could exploit this vulnerability by appending whitespace characters to an IP address string, leading to a Same Origin Policy bypass. Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks.
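The class of problem behind item 7 is two layers disagreeing about whether a padded IP host and the plain one are the same host. The following is an added illustration of that disagreement and of a strict check that rejects it; it is not Firefox code, and every function name and sample origin in it is hypothetical.

```javascript
// Added illustration (not Firefox code); every name here is hypothetical.
// Dotted-quad IPv4 with no leading zeros and nothing before or after it.
const OCTET = "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const IPV4_STRICT = new RegExp(`^${OCTET}(?:\\.${OCTET}){3}$`);

// Lenient parser: trims surrounding whitespace first, so "10.0.0.5 " and
// "10.0.0.5" resolve to the same address.
function lenientIPv4(host) {
  const h = host.trim();
  return IPV4_STRICT.test(h) ? h : null;
}

// Strict parser: any character outside the dotted quad makes the host invalid.
function strictIPv4(host) {
  return IPV4_STRICT.test(host) ? host : null;
}

// Policy-layer comparison on raw strings: two spellings of one address
// compare as different origins although both resolve to the same server.
function sameOriginRaw(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Hardened comparison: refuse any host that only parses as an IP address
// after trimming, so the two layers can never disagree about it.
function sameOriginStrict(a, b) {
  for (const o of [a, b]) {
    if (lenientIPv4(o.host) !== null && strictIPv4(o.host) === null) {
      throw new RangeError(`non-canonical IP host: ${JSON.stringify(o.host)}`);
    }
  }
  return sameOriginRaw(a, b);
}

// Constructed sample origins (not taken from the advisory).
const site = { scheme: "http", host: "10.0.0.5", port: 80 };
const padded = { scheme: "http", host: "10.0.0.5 ", port: 80 };
```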
8. Heap-Based Buffer Overflow Vulnerability
(CVE-2015-7189)
A race condition exists in the JPEGEncoder function in Mozilla Firefox and Firefox ESR, which is caused by improper validation of user-supplied input when handling canvas elements. A remote attacker could exploit this vulnerability via vectors leading to a heap-based buffer overflow. Successful exploitation of this vulnerability could lead to execution of arbitrary code or cause denial of service conditions on the affected systems.
9. Information Disclosure Vulnerability
(CVE-2015-7190)
This vulnerability exists in the search feature of Firefox for Android. A remote attacker could exploit this vulnerability by loading a URL with system privileges. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information.
10. Cross Site Scripting Vulnerability
(CVE-2015-7191)
The vulnerability exists in the handling of Android Intents in Firefox for Android, which improperly sanitizes opened addresses sent to Firefox through intents. An attacker could leverage this issue to conduct cross-site scripting (XSS) attacks by supplying crafted inputs through the use of Android intents and fallback navigation.
11. Denial of service condition Vulnerability
(CVE-2015-7192)
This vulnerability exists in Mozilla Firefox on OS X due to improper interaction of the TABLE element. A remote attacker could exploit this vulnerability by executing arbitrary code while using an NSAccessibilityIndexAttribute value to reference a row index. Successful exploitation of this vulnerability could lead to denial of service conditions on the affected systems.
12. Same Origin Policy Security Bypass Vulnerability
(CVE-2015-7193)
This vulnerability exists in Mozilla Firefox and Firefox ESR and is caused by improper handling of the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation. A remote attacker could exploit this vulnerability by leveraging the lack of a preflight-request step to bypass the Same Origin Policy.
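Because item 12 concerns a browser skipping the preflight step, a server can decide cross-origin POSTs itself instead of assuming a preflight happened. The following is an added example of such a server-side check, not Mozilla code; the function names, the allowlist and the expected `application/json` type are assumptions.

```javascript
// Added illustration, not Mozilla code; names and the allowlist are assumptions.
// Content types a browser may send cross-origin WITHOUT a preflight.
const NO_PREFLIGHT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Return the lower-cased MIME essence, or null when the value is malformed
// (several comma-joined values, control characters, missing type/subtype).
function mimeEssence(contentType) {
  if (typeof contentType !== "string" || /[\x00-\x1f,]/.test(contentType)) return null;
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return /^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/.test(essence) ? essence : null;
}

// Decide a state-changing POST on the server without assuming that the
// browser performed a preflight for it. Header names are lower-cased keys.
function decidePost(headers, allowedOrigins, expectedType = "application/json") {
  const essence = mimeEssence(headers["content-type"]);
  if (essence === null) return "reject: malformed Content-Type";
  if (NO_PREFLIGHT_TYPES.has(essence)) return "reject: preflight-exempt Content-Type";
  if (essence !== expectedType) return "reject: unexpected Content-Type";
  // Requests without an Origin header (non-browser clients) pass this step;
  // any Origin that is present must be on the allowlist.
  const origin = headers["origin"];
  if (origin !== undefined && !allowedOrigins.has(origin)) {
    return "reject: origin not allowed";
  }
  return "accept";
}

// Constructed sample allowlist (hypothetical origin).
const ALLOWED = new Set(["https://app.example"]);
```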
13. Denial of service condition Vulnerability
(CVE-2015-7194)
This vulnerability exists in libjar in Mozilla Firefox and Firefox ESR and is caused by improper validation of user-supplied input when handling ZIP archives. A remote attacker could exploit this vulnerability by enticing the user to open a specially crafted ZIP archive that could cause arbitrary code execution or denial of service conditions on the affected systems.
14. Information Disclosure Vulnerability
(CVE-2015-7195)
This vulnerability exists in Mozilla Firefox due to improper parsing of escaped characters in hostnames within Location headers. A remote attacker could exploit this vulnerability via vectors involving a redirect. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from the targeted system.
15. Denial of service condition Vulnerability
(CVE-2015-7196)
This vulnerability exists in Mozilla Firefox and Firefox ESR and is caused by improper reallocation of JavaScript wrappers. A remote attacker could exploit this vulnerability to execute arbitrary code or cause denial of service conditions (application crash) on the affected systems.
16. Denial of service condition Vulnerabilities
(CVE-2015-7198, CVE-2015-7199, CVE-2015-7200)
These vulnerabilities exist in the ANGLE graphics library, in SVG rendering, and in cryptographic key manipulation in Mozilla. A remote attacker could exploit these vulnerabilities to execute arbitrary code via unknown vectors. Successful exploitation of these vulnerabilities could lead to denial of service conditions (memory corruption) on the affected systems.
Note: Mechanism to exploit these vulnerabilities has not been identified.
17. Security Bypass Vulnerability
(CVE-2015-7197)
This vulnerability exists in Mozilla Firefox and Firefox ESR and is caused by improper control of the ability of a web worker to create a WebSocket object. A remote attacker could exploit this vulnerability via crafted JavaScript code. Successful exploitation of this vulnerability could allow a remote attacker to bypass intended mixed-content restrictions.
18. Denial of service condition Vulnerabilities
(CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
These vulnerabilities exist in the ASN.1 decoder, or as an integer overflow in the PL_ARENA_ALLOCATE implementation, in Network Security Services (NSS) in Mozilla Firefox and Firefox ESR, and are caused by improper restriction of an unspecified data structure. A remote attacker could exploit these vulnerabilities via crafted OCTET STRING data. Successful exploitation of these vulnerabilities could allow remote attackers to cause denial of service conditions on the affected systems.
Solution
Apply the appropriate fixed versions as mentioned in the Mozilla Security Advisories:
http://www.mozilla.org/security/announce/2015/mfsa2015-116.html
http://www.mozilla.org/security/announce/2015/mfsa2015-117.html
http://www.mozilla.org/security/announce/2015/mfsa2015-118.html
http://www.mozilla.org/security/announce/2015/mfsa2015-119.html
http://www.mozilla.org/security/announce/2015/mfsa2015-120.html
http://www.mozilla.org/security/announce/2015/mfsa2015-121.html
http://www.mozilla.org/security/announce/2015/mfsa2015-122.html
http://www.mozilla.org/security/announce/2015/mfsa2015-123.html
http://www.mozilla.org/security/announce/2015/mfsa2015-124.html
http://www.mozilla.org/security/announce/2015/mfsa2015-125.html
http://www.mozilla.org/security/announce/2015/mfsa2015-126.html
http://www.mozilla.org/security/announce/2015/mfsa2015-127.html
http://www.mozilla.org/security/announce/2015/mfsa2015-128.html
http://www.mozilla.org/security/announce/2015/mfsa2015-129.html
http://www.mozilla.org/security/announce/2015/mfsa2015-130.html
http://www.mozilla.org/security/announce/2015/mfsa2015-131.html
http://www.mozilla.org/security/announce/2015/mfsa2015-132.html
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
Vendor Information
Mozilla
References
Mozilla
http://www.mozilla.org/security/announce/2015/mfsa2015-116.html
http://www.mozilla.org/security/announce/2015/mfsa2015-117.html
http://www.mozilla.org/security/announce/2015/mfsa2015-118.html
http://www.mozilla.org/security/announce/2015/mfsa2015-119.html
http://www.mozilla.org/security/announce/2015/mfsa2015-120.html
http://www.mozilla.org/security/announce/2015/mfsa2015-121.html
http://www.mozilla.org/security/announce/2015/mfsa2015-122.html
http://www.mozilla.org/security/announce/2015/mfsa2015-123.html
http://www.mozilla.org/security/announce/2015/mfsa2015-124.html
http://www.mozilla.org/security/announce/2015/mfsa2015-125.html
http://www.mozilla.org/security/announce/2015/mfsa2015-126.html
http://www.mozilla.org/security/announce/2015/mfsa2015-127.html
http://www.mozilla.org/security/announce/2015/mfsa2015-128.html
http://www.mozilla.org/security/announce/2015/mfsa2015-129.html
http://www.mozilla.org/security/announce/2015/mfsa2015-130.html
http://www.mozilla.org/security/announce/2015/mfsa2015-131.html
http://www.mozilla.org/security/announce/2015/mfsa2015-132.html
http://www.mozilla.org/security/announce/2015/mfsa2015-133.html
Security tracker
http://securitytracker.com/id/1034069
CVE Name
CVE-2015-4513
CVE-2015-4514
CVE-2015-4515
CVE-2015-4518
CVE-2015-7181
CVE-2015-7182
CVE-2015-7183
CVE-2015-7185
CVE-2015-7186
CVE-2015-7187
CVE-2015-7188
CVE-2015-7189
CVE-2015-7190
CVE-2015-7191
CVE-2015-7192
CVE-2015-7193
CVE-2015-7194
CVE-2015-7195
CVE-2015-7196
CVE-2015-7197
CVE-2015-7198
CVE-2015-7199
CVE-2015-7200
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India