Vulnerabilities > CVE-2016-2800 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
suse
opensuse
oracle
sil
CWE-119
nessus

Summary

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.

Vulnerable Configurations

Part Description Count
Application
Mozilla
424
Application
Sil
22
OS
Suse
1
OS
Opensuse
3
OS
Oracle
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3520.NASL
    descriptionMultiple security issues have been found in Icedove, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id90031
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90031
    titleDebian DSA-3520-1 : icedove - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0373.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa Iinuma, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.7.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-03-09
    plugin id89774
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89774
    titleRHEL 5 / 6 / 7 : firefox (RHSA-2016:0373)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89873
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89873
    titleFirefox < 45 Multiple Vulnerabilities (Mac OS X)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0373.NASL
    descriptionFrom Red Hat Security Advisory 2016:0373 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa Iinuma, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.7.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-03-10
    plugin id89816
    published2016-03-10
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89816
    titleOracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0373)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-395.NASL
    descriptionMozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 (boo#969894) - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation - MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library
    last seen2020-06-05
    modified2016-03-25
    plugin id90170
    published2016-03-25
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90170
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2016-395)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2927-1.NASL
    descriptionIt was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially- crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89930
    published2016-03-15
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89930
    titleUbuntu 14.04 LTS / 15.10 : graphite2 vulnerabilities (USN-2927-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-334.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89915
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89915
    titleopenSUSE Security Update : Firefox (openSUSE-2016-334)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160316_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2016-03-17
    plugin id89988
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89988
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160316)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-63.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-63 (Graphite: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Graphite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96749
    published2017-01-25
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96749
    titleGLSA-201701-63 : Graphite: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0460.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas Gregoire, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.7.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.7.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-03-17
    plugin id89971
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89971
    titleCentOS 5 / 6 / 7 : thunderbird (CESA-2016:0460)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0727-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89929
    published2016-03-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89929
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160309_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2016-03-10
    plugin id89822
    published2016-03-10
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89822
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160309)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-851.NASL
    descriptionThis update contains Mozilla Thunderbird 45.2. (boo#983549) It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49) Contains the following security fixes from the 45.1 release: (boo#977333) - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39) Contains the following security fixes from the 45.0 release: (boo#969894) - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16) - CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17) - CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18) - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19) - CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20) - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23) - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24) - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27) - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34) The graphite font shaping library was disabled, addressing the following font vulnerabilities : - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 The following tracked packaging changes are included : - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - gcc6 fixes (boo#986162) - running on 48bit va aarch64 (boo#984126)
    last seen2020-06-05
    modified2016-07-11
    plugin id91986
    published2016-07-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91986
    titleopenSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-851)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2934-1.NASL
    descriptionBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1952) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website in a browsing context with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1961) Nicolas Gregoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1964) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website in a browsing context with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1966) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1974) Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1950) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90822
    published2016-05-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90822
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2934-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0777-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. - MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. - MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. - MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. - MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. - MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. - MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes - Enable atomic instructions on mips (bmo#1129878) - Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89990
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89990
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2917-2.NASL
    descriptionUSN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. We apologize for the inconvenience. Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazael-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Gregoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90421
    published2016-04-08
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90421
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-2)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0373.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi, ca0nguyen, lokihardt, Dominique Hazael-Massieux, Nicolas Gregoire, Tsubasa Iinuma, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.7.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id89763
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89763
    titleCentOS 5 / 6 / 7 : firefox (CESA-2016:0373)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89875
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89875
    titleFirefox < 45 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0820-1.NASL
    descriptionMozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC data channels MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history navigation and Location protocol property MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI plugin MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the Graphite 2 library. Mozilla NSPR was updated to version 4.12, fixing following bugs : Added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. Fixed a memory allocation bug related to the PR_*printf functions Exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 Several minor correctness and compatibility fixes. Mozilla NSS was updated to fix security issues : MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL connections in low memory MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER encoded keys in NSS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90065
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90065
    titleSUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-402.NASL
    descriptionMozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 (boo#969894) - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation - MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library
    last seen2020-06-05
    modified2016-03-28
    plugin id90240
    published2016-03-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90240
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201605-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91379
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91379
    titleGLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-848.NASL
    descriptionThis update contains Mozilla Thunderbird 45.2. (boo#983549) It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49) Contains the following security fixes from the 45.1 release: (boo#977333) - CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39) Contains the following security fixes from the 45.0 release: (boo#969894) - CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16) - CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17) - CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18) - CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19) - CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20) - CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23) - CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24) - CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27) - CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34) The graphite font shaping library was disabled, addressing the following font vulnerabilities : - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 The following tracked packaging changes are included : - fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637) - gcc6 fixes (boo#986162) - running on 48bit va aarch64 (boo#984126)
    last seen2020-06-05
    modified2016-07-11
    plugin id91985
    published2016-07-11
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91985
    titleopenSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3515.NASL
    descriptionMultiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id89877
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89877
    titleDebian DSA-3515-1 : graphite2 - security update
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_38_7_ESR.NASL
    descriptionThe version of Mozilla Firefox ESR installed on the remote Windows host is prior to 38.7. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89874
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89874
    titleFirefox ESR < 38.7 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0460.NASL
    descriptionFrom Red Hat Security Advisory 2016:0460 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas Gregoire, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.7.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.7.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-03-17
    plugin id89981
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89981
    titleOracle Linux 6 / 7 : thunderbird (ELSA-2016-0460)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2917-3.NASL
    descriptionUSN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazael-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Gregoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90598
    published2016-04-20
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90598
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-3)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_ADFFE823E6924921AE9C0B825C218372.NASL
    descriptionMozilla Foundation reports : Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.
    last seen2020-06-01
    modified2020-06-02
    plugin id89767
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89767
    titleFreeBSD : graphite2 -- multiple vulnerabilities (adffe823-e692-4921-ae9c-0b825c218372)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0909-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90263
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90263
    titleSUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_38_7_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Mac OS X host is prior to 38.7. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89872
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89872
    titleFirefox ESR < 38.7 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-332.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89913
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89913
    titleopenSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0460.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas Gregoire, the Communications Electronics Security Group (UK) of the GCHQ, Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 38.7.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 38.7.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2016-03-17
    plugin id89986
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89986
    titleRHEL 5 / 6 / 7 : thunderbird (RHSA-2016:0460)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1002.NASL
    descriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966) - Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99765
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99765
    titleEulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3510.NASL
    descriptionMultiple security issues have been found in Iceweasel, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id89792
    published2016-03-10
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89792
    titleDebian DSA-3510-1 : iceweasel - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2917-1.NASL
    descriptionFrancis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961) Dominique Hazael-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963) Nicolas Gregoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802).
    last seen2020-06-01
    modified2020-06-02
    plugin id89826
    published2016-03-10
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89826
    titleUbuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)

Redhat

rpms
  • firefox-0:38.7.0-1.el5_11
  • firefox-0:38.7.0-1.el6_7
  • firefox-0:38.7.0-1.el7_2
  • firefox-debuginfo-0:38.7.0-1.el5_11
  • firefox-debuginfo-0:38.7.0-1.el6_7
  • firefox-debuginfo-0:38.7.0-1.el7_2
  • thunderbird-0:38.7.0-1.el5_11
  • thunderbird-0:38.7.0-1.el6_7
  • thunderbird-0:38.7.0-1.el7_2
  • thunderbird-debuginfo-0:38.7.0-1.el5_11
  • thunderbird-debuginfo-0:38.7.0-1.el6_7
  • thunderbird-debuginfo-0:38.7.0-1.el7_2

References