15th December, 2015<\/em><\/p>\n A security issue affects these releases of Ubuntu and its Firefox could be made to crash or run programs as your login if it Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Ronald Crane discovered three buffer overflows through code inspection. Cajus Pollmeier discovered a crash during javascript variable assignments Ronald Crane discovered a buffer overflow through code inspection. If a It was discovered that it is possible to read cross-origin URLs following It was discovered that Firefox allows for control characters to be set in Looben Yang discovered a use-after-free in WebRTC when closing channels in Abdulrahman Alqabandi discovered that hash symbol is incorrectly handled Abhishek Arya discovered an integer overflow when allocating large Ronald Crane dicovered an integer overflow when processing MP4 format Tsubasa Iinuma discovered a way to bypass same-origin restrictions using Masato Kinugawa discovered a cross-origin information leak in error events Gustavo Grieco discovered that the file chooser crashed on malformed Stuart Larsen discoverd two integer underflows when handling malformed Gerald Squelart discovered an integer underflow in the libstagefright Kris Maglione discovered a mechanism where web content could use The problem can be corrected by updating your system to the following To update your system, please follow these instructions: After a standard system update you need to restart Firefox to make CVE-2015-7201<\/a>, <\/p>\n CVE-2015-7202<\/a>, <\/p>\n CVE-2015-7203<\/a>, <\/p>\n CVE-2015-7204<\/a>, <\/p>\n CVE-2015-7205<\/a>, <\/p>\n CVE-2015-7207<\/a>, <\/p>\n CVE-2015-7208<\/a>, <\/p>\n CVE-2015-7210<\/a>, <\/p>\n CVE-2015-7211<\/a>, <\/p>\n CVE-2015-7212<\/a>, <\/p>\n CVE-2015-7213<\/a>, <\/p>\n CVE-2015-7214<\/a>, <\/p>\n CVE-2015-7215<\/a>, <\/p>\n CVE-2015-7216<\/a>, <\/p>\n CVE-2015-7217<\/a>, <\/p>\n CVE-2015-7218<\/a>, <\/p>\n CVE-2015-7219<\/a>, <\/p>\n CVE-2015-7220<\/a>, <\/p>\n CVE-2015-7221<\/a>, <\/p>\n CVE-2015-7222<\/a>, <\/p>\n CVE-2015-7223<\/a><\/p>\n Source: ubuntu-usn<\/p>\n","protected":false},"excerpt":{"rendered":" Ubuntu Security Notice USN-2833-1 15th December, 2015 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman,Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henrettydiscovered multiple memory safety issues in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service via applicationcrash, or execute arbitrary code with the privileges of the user invokingFirefox. (CVE-2015-7201, CVE-2015-7202) Ronald Crane discovered three buffer overflows through code inspection.If a user were tricked in to opening a specially crafted website, [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-1788","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/1788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=1788"}],"version-history":[{"count":0,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/1788\/revisions"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=1788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=1788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=1788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}firefox vulnerabilities<\/h3>\n
\n derivatives:<\/p>\n\n
Summary<\/h3>\n
\nopened a malicious website.\n<\/p>\nSoftware description<\/h3>\n
\n
\n – Mozilla Open Source web browser<\/p>\n<\/li>\n<\/ul>\nDetails<\/h3>\n
Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-7201<\/a>, CVE-2015-7202<\/a>)<\/p>\n
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2015-7203<\/a>, CVE-2015-7220<\/a>, CVE-2015-7221<\/a>)<\/p>\n
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-7204<\/a>)<\/p>\n
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2015-7205<\/a>)<\/p>\n
a redirect if performance.getEntries() is used with an iframe to host a
page. If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2015-7207<\/a>)<\/p>\n
cookies. An attacker could potentially exploit this to conduct cookie
injection attacks on some web servers. (CVE-2015-7208<\/a>)<\/p>\n
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2015-7210<\/a>)<\/p>\n
when parsing data: URLs. An attacker could potentially exploit this to
conduct URL spoofing attacks. (CVE-2015-7211<\/a>)<\/p>\n
textures. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2015-7212<\/a>)<\/p>\n
video in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-7213<\/a>)<\/p>\n
data: and view-source: URLs. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information and read local files. (CVE-2015-7214<\/a>)<\/p>\n
in web workers. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2015-7215<\/a>)<\/p>\n
images due to flaws in the Jasper library. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service.
(CVE-2015-7216<\/a>, CVE-2015-7217<\/a>)<\/p>\n
HTTP\/2 frames in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit these
to cause a denial of service via application crash. (CVE-2015-7218<\/a>,
CVE-2015-7219<\/a>)<\/p>\n
library when parsing MP4 format video in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-7222<\/a>)<\/p>\n
WebExtension APIs to execute code with the privileges of a particular
WebExtension. If a user were tricked in to opening a specially crafted
website with a vulnerable extension installed, an attacker could
potentially exploit this to obtain sensitive information or conduct
cross-site scripting (XSS) attacks. (CVE-2015-7223<\/a>)<\/p>\nUpdate instructions<\/h3>\n
\npackage version:<\/p>\n\n
\n
\n 43.0+build1-0ubuntu0.15.10.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 43.0+build1-0ubuntu0.15.04.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 43.0+build1-0ubuntu0.14.04.1<\/a>
\n <\/span>\n <\/dd>\n
\n
\n 43.0+build1-0ubuntu0.12.04.1<\/a>
\n <\/span>\n <\/dd>\n<\/dl>\n
\nhttps:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.\n<\/p>\n
all the necessary changes.<\/p>\nReferences<\/h3>\n