DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK. Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.
Kaspersky ID:
KLA10689
Erkennungsdatum:
11/03/2015
Aktualisiert:
03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper memory handling can be exploited via an unknown vectors to cause denial of service or execute arbitrary code;
  2. Improper authentication requests handling can be exploited remotely via a specially designed web-page to obtain sensitive information;
  3. Lack of content restrictions at Reader mode can be exploited remotely via a specially designed content to bypass CSP security restrictions;
  4. An unknown vulnerability at fullscreen mode can be exploited remotely via a specially designed script to spoof user interface; (Android)
  5. An unknown vulnerability can be exploited via a specially designed HTML file to files manipulations or obtain sensitive information; (Android)
  6. Lack of script execution restrictions at third-party panel addons can be exploited remotely via specially designed inline scripts to execute arbitrary code;
  7. Improper handling hostname as ip address can be exploited remotely via a specially designed hostname to execute arbitrary code;
  8. Race condition at JPEGEncoder can be exploited remotely via a specially designed script to cause denial of service or execute arbitrary code;
  9. Improper privileges restrictions can be exploited via Android intent manipulations to cause denial of service or obtain sensitive information; (Android)
  10. Improper address sterilization ca be exploited remotely via a specially designed Android intent manipulations to execute arbitrary code;
  11. Improper HTML tables exposition can be exploited remotely to execute arbitrary code; (OS X)
  12. Improper CORS implementation can be exploited remotely via a specially designed requests to bypass security restrictions;
  13. An unknown vulnerability at libjar can be exploited remotely via a specially designed ZIP file to execute arbitrary code;
  14. Improper escaped characters parsing can be exploited remotely via a specially designed URL to obtain sensitive information;
  15. Improper Java applets and JavaScript can be exploited remotely to cause denial of service or execute arbitrary code;
  16. Buffer overflow at ANGLE library can be potentially exploited;
  17. Improper status handling at SVG rendering and during cryptographic key manipulations can be potentially exploited;
  18. An unknown vulnerability at web worker can be exploited remotely to bypass security restrictions;
  19. use-after-poison and buffer overflow at Network Security Services can be exploited remotely to cause denial of service or execute arbitrary code;
  20. Integer overflow at Netscape Portable Runtime can be exploited remotely to cause denial fo service or execute arbitrary code.

Technical details

Vulnerability (2) caused by sending type 3 messages during authentication exchange. which in its turn caused by workstation field populating with the hostname of system making request for NTLM-based HTTP authentication. This vulnerability mitigated because NTLM v1 disabled by default.

Reader mode disables scripts for rendered pages through a witelist of allowed HTML content. Vulnerability (3) caused by too permissive whitelist.

Vulnerability (4) caused by not restoring addressbar when window is redrawn from fullscreen to normal mode. Vulnerable behavior can be triggered and then exploited by script.

Locally saved HTML file could use file: URIs to trigger the download of additional files or opening of cached profile data without user awareness. (5)

When a panel is created using the add-on SDK, defining panel with script: false is supposed to disable script execution. But it was found that inline script would still execute. This behavior causes vulnerability (6). add-ons served from addons.mozilla.org are not vulnerable for (6) but third party sites served may be.

Vulnerability (7) caused by trailing whitespaces evaluated differently when parsing IP instead of alphanumeric hostnames.

Firefox can be registered to be used by search engine through Android intent. When Firefox is launched, the URL can be executed with Firefox’s system privileges if the crash reporter is used. This allows reading local log files, potentially leaking private information. This vulnerability (9) affects only Firefox for Android on Android versions 4.4 and earlier. Maximum impact for other android is non-exploitable crash.

Vulnerability (11) triggered by accessibility tools request for index of a table row through the NSAccessibilityIndexAttribute value.

Vulnerability (14) caused by abandoning parsing process when an effected escaped character is encountered followed by a navigation to the previously parsed version of the URL. When site allowing for navigation redirection for escaped characters this could lead to extraction of site-specific tokens.

Vulnerability (15) caused by permission for Java plugin to deallocate JavaScript wrapper. Which leads to a JavaScript garbage collection crash.

Vulnerability (19) caused by errors in octet string parsing. This issue was fixed at NSS versions 3.16.2.1 and 3.19.4 shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.

Vulnerability (20) caused by lack of checks during memory allocation. This issues was fixed in NSPR 4.10.10. NSPR is required component of NSS.

Ursprüngliche Informationshinweise

CVE Liste

  • CVE-2015-7183
    critical
  • CVE-2015-7200
    critical
  • CVE-2015-7199
    critical
  • CVE-2015-7198
    critical
  • CVE-2015-7197
    critical
  • CVE-2015-7196
    critical
  • CVE-2015-7195
    critical
  • CVE-2015-7194
    critical
  • CVE-2015-7193
    critical
  • CVE-2015-7192
    critical
  • CVE-2015-7191
    critical
  • CVE-2015-7190
    critical
  • CVE-2015-7189
    critical
  • CVE-2015-7188
    critical
  • CVE-2015-7187
    critical
  • CVE-2015-7186
    critical
  • CVE-2015-7185
    critical
  • CVE-2015-7182
    critical
  • CVE-2015-7181
    critical
  • CVE-2015-4518
    critical
  • CVE-2015-4515
    critical
  • CVE-2015-4514
    critical
  • CVE-2015-4513
    critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!
Kaspersky Next
Let´s go Next: Cybersicherheit neu gedacht
Erfahren Sie mehr
Neu: Kaspersky!
Dein digitales Leben verdient umfassenden Schutz!
Erfahren Sie mehr
Confirm changes?
Your message has been sent successfully.