DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK. Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.
Kaspersky ID:
KLA10643
Erkennungsdatum:
08/11/2015
Aktualisiert:
03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct CSS attack, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Several memory safety bugs can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
  2. Out-of-bounds reading error can be exploited remotely via a specially designed MP3 file to cause denial of service or execute arbitrary code;
  3. Use-after-free vulnerability at Web Audio API can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
  4. An unknown vulnerability can be exploited via specially designed JSON to bypass intended restrictions;
  5. Multiple overflows can be exploited remotely via a specially designed MPEG4 video to cause denial of service or execute arbitrary code;
  6. Race condition at Mozilla Maintenance Service can be exploited locally (Microsoft Windows only) to execute arbitrary code or gain privileges;
  7. Improper files handling at Updater can be exploited locally via a specially designed MAR file to cause denial of service or execute arbitrary code;
  8. An unknown vulnerability can be exploited remotely via address manipulation to conduct man-in-the-middle attack and bypass intended restrictions;
  9. An unknown vulnerability at JavaScript can be exploited remotely via a specially designed views to cause denial of service;
  10. Heap overflow can be exploited remotely via a specially designed bitmap (for Linux with Gnome only) to cause denial of service or execute arbitrary code;
  11. Buffer overflows can be exploited remotely via a specially designed WebM file to cause denial of service or execute arbitrary code;
  12. Multiple memory vulnerabilities can be exploited via an unknown vectors to cause denial of service;
  13. Improper implementation of security policies can be exploited remotely via a specially design URLs to conduct cross-site-scripting attack;
  14. Use-after-free vulnerability can be exploited remotely via an unknown vectors to cause denial of service.

Technical details

Bugs named in (1) are unexploitable at all. But some can be exploited under certain circumstances and some of exploitable can cause code execution.

(2) to exploit this vulnerability malicious can design MP3 file which switches sample formats.

(3) occurs at interaction of MediaStream with Web Audio API.

Some non-configurable properties on JS objects can be changed while JSON interaction. Which cause same-origin bypass (4).

MPEG4 can be used to exploit (5) via malicious ’saio‘ chunk, invalid size parameter in ESDS chunk or artlessly corrupt file.

Usage of a hard link by means of race condition at Mozilla Maintenance Service on Windows can write log file into restricted location. If someone can run privileged program which used overwrote file (6) can be triggered.

(7) can be exploited by specially designed name of MAR (Mozilla ARchive) file. Also to exploit this vulnerability malicious user must create such named file and let Updater use it.

Opening target page prefixed by feed: using POST disabling mixed content blocker for that page (8).

(9) caused by a crash, occurs when JavaScript when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views.

Heap overflow in gdk-pixbuf causes (10), which can be triggered by bitmap scaling.

(11) caused by buffer overflows in Libvpx used for WebN video decoding.

(12) explored through code inspection and doesn’t have clear exploit mechanism. But vulnerable if mechanism would be found.

CSP implementation in Firefox does not match specification. By specification states that blob, data and filesystem URLs should be excluded when matching wildcard. But current culnerable implementation allows these URLs in case of asterisk (*) wildcard (13).

(14) can be triggered by recursive calling .open() on an XMLHttpRequest in a SharedWorker.

Ursprüngliche Informationshinweise

CVE Liste

  • CVE-2015-4493
    critical
  • CVE-2015-4492
    critical
  • CVE-2015-4491
    critical
  • CVE-2015-4490
    critical
  • CVE-2015-4489
    critical
  • CVE-2015-4488
    critical
  • CVE-2015-4487
    critical
  • CVE-2015-4486
    critical
  • CVE-2015-4485
    critical
  • CVE-2015-4484
    critical
  • CVE-2015-4483
    critical
  • CVE-2015-4482
    critical
  • CVE-2015-4481
    critical
  • CVE-2015-4480
    critical
  • CVE-2015-4479
    critical
  • CVE-2015-4478
    critical
  • CVE-2015-4477
    critical
  • CVE-2015-4475
    critical
  • CVE-2015-4474
    critical
  • CVE-2015-4473
    critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!
Kaspersky Next
Let´s go Next: Cybersicherheit neu gedacht
Erfahren Sie mehr
Neu: Kaspersky!
Dein digitales Leben verdient umfassenden Schutz!
Erfahren Sie mehr
Confirm changes?
Your message has been sent successfully.