DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK.

Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.

KLA10643
Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Aktualisiert: 03/29/2019
Erkennungsdatum
?
08/11/2015
Schweregrad
?
Kritisch
Beschreibung

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct CSS attack, gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Several memory safety bugs can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
  2. Out-of-bounds reading error can be exploited remotely via a specially designed MP3 file to cause denial of service or execute arbitrary code;
  3. Use-after-free vulnerability at Web Audio API can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
  4. An unknown vulnerability can be exploited via specially designed JSON to bypass intended restrictions;
  5. Multiple overflows can be exploited remotely via a specially designed MPEG4 video to cause denial of service or execute arbitrary code;
  6. Race condition at Mozilla Maintenance Service can be exploited locally (Microsoft Windows only) to execute arbitrary code or gain privileges;
  7. Improper files handling at Updater can be exploited locally via a specially designed MAR file to cause denial of service or execute arbitrary code;
  8. An unknown vulnerability can be exploited remotely via address manipulation to conduct man-in-the-middle attack and bypass intended restrictions;
  9. An unknown vulnerability at JavaScript can be exploited remotely via a specially designed views to cause denial of service;
  10. Heap overflow can be exploited remotely via a specially designed bitmap (for Linux with Gnome only) to cause denial of service or execute arbitrary code;
  11. Buffer overflows can be exploited remotely via a specially designed WebM file to cause denial of service or execute arbitrary code;
  12. Multiple memory vulnerabilities can be exploited via an unknown vectors to cause denial of service;
  13. Improper implementation of security policies can be exploited remotely via a specially design URLs to conduct cross-site-scripting attack;
  14. Use-after-free vulnerability can be exploited remotely via an unknown vectors to cause denial of service.

Technical details

Bugs named in (1) are unexploitable at all. But some can be exploited under certain circumstances and some of exploitable can cause code execution.

(2) to exploit this vulnerability malicious can design MP3 file which switches sample formats.

(3) occurs at interaction of MediaStream with Web Audio API.

Some non-configurable properties on JS objects can be changed while JSON interaction. Which cause same-origin bypass (4).

MPEG4 can be used to exploit (5) via malicious ’saio‘ chunk, invalid size parameter in ESDS chunk or artlessly corrupt file.

Usage of a hard link by means of race condition at Mozilla Maintenance Service on Windows can write log file into restricted location. If someone can run privileged program which used overwrote file (6) can be triggered.

(7) can be exploited by specially designed name of MAR (Mozilla ARchive) file. Also to exploit this vulnerability malicious user must create such named file and let Updater use it.

Opening target page prefixed by feed: using POST disabling mixed content blocker for that page (8).

(9) caused by a crash, occurs when JavaScript when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views.

Heap overflow in gdk-pixbuf causes (10), which can be triggered by bitmap scaling.

(11) caused by buffer overflows in Libvpx used for WebN video decoding.

(12) explored through code inspection and doesn’t have clear exploit mechanism. But vulnerable if mechanism would be found.

CSP implementation in Firefox does not match specification. By specification states that blob, data and filesystem URLs should be excluded when matching wildcard. But current culnerable implementation allows these URLs in case of asterisk (*) wildcard (13).

(14) can be triggered by recursive calling .open() on an XMLHttpRequest in a SharedWorker.

Beeinträchtigte Produkte

Mozilla Firefox versions earlier than 40.0
Mozilla Firefox ESR versions earlier than 38.2

Lösung

Update to the latest version
Get Firefox ESR
Get Firefox

Ursprüngliche Informationshinweise

Mozilla Foundation Security Advisories

Folgen
?
ACE 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

XSS/CSS 
[?]
CVE-IDS
?
CVE-2015-44939.3Critical
CVE-2015-44927.5Critical
CVE-2015-44916.8Critical
CVE-2015-44904.3Critical
CVE-2015-44897.5Critical
CVE-2015-44887.5Critical
CVE-2015-44877.5Critical
CVE-2015-448610.0Critical
CVE-2015-448510.0Critical
CVE-2015-44845.0Critical
CVE-2015-44834.3Critical
CVE-2015-44824.6Critical
CVE-2015-44813.3Critical
CVE-2015-44809.3Critical
CVE-2015-447910.0Critical
CVE-2015-44785.0Critical
CVE-2015-447710.0Critical
CVE-2015-44757.5Critical
CVE-2015-447410.0Critical
CVE-2015-447310.0Critical

Link zum Original