Advisories ยป MGASA-2015-0382

Updated firefox packages fix security vulnerabilities

Publication date: 23 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4500 , CVE-2015-4509 , CVE-2015-4517 , CVE-2015-4519 , CVE-2015-4520 , CVE-2015-4521 , CVE-2015-4522 , CVE-2015-7174 , CVE-2015-7175 , CVE-2015-7176 , CVE-2015-7177 , CVE-2015-7180


Updated firefox packages fix security vulnerabilities:

Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox that could cause memory corruption
and crashes or potentially allow for arbitrary code execution

Using the Address Sanitizer tool, security researcher Atte Kettunen
discovered a buffer overflow in the nestegg library when decoding a WebM
format video with maliciously formatted headers. This leads to a potentially
exploitable crash (CVE-2015-4511).

An anonymous researcher reported, via HP's Zero Day Initiative, a
use-after-free vulnerability with HTML media elements on a page during script
manipulation of the URI table of these elements. This results in a
potentially exploitable crash (CVE-2015-4509).

Security researcher Mario Gomes reported that when a previously loaded image
on a page is drag and dropped into content after a redirect, the redirected
URL is available to scripts. This is a violation of the Fetch specification's
defined behavior for "Atomic HTTP redirect handling" which states that
redirected URLs are not exposed to any APIs. This can allow for information
leakage (CVE-2015-4519).

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin
resource sharing (CORS) "preflight" requests. The first issue is that in some
circumstances the same cache key can be generated for two preflight requests
on a site. As a result, if a second request is made that will match the
cached key generated by an earlier request, CORS checks will be bypassed
because the system will see the previously cached request as applicable
(CVE-2015-4520). In the second issue, when some Access-Control- headers are
missing from CORS responses, the values from different Access-Control-
headers can be used that present in the same response.

Security researcher Ronald Crane reported eight vulnerabilities affecting
released code that were found through code inspection. These included several
potential memory safety issues resulting from the use of snprintf, one use of
unowned memory, one use of a string without overflow checks, and five memory
safety bugs. These do not all have clear mechanisms to be exploited through
web content but are vulnerable if a mechanism can be found to trigger them
(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175,
CVE-2015-7176, CVE-2015-7177, CVE-2015-7180).