Kaspersky ID:
KLA10765
Detection date:
03/08/2016
Updated:
03/29/2019

Description

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof the user interface, gain privileges and write local files.

Below is a complete list of vulnerabilities:

  1. Multiple memory safety bugs in the browser engine can be exploited remotely to cause denial of service and possibly execute arbitrary code;
  2. A lack of report URI restrictions in Content Security Policy (CSP) violation reports can be exploited remotely via a specially designed page to overwrite an arbitrary file;
  3. An incomplete implementation of the specification's restrictions in CSP violation reports can be exploited remotely to obtain sensitive information;
  4. Improper memory handling can be exploited remotely via specially designed WebGL operations to cause denial of service; (Linux)
  5. A memory leak in libstagefright can be exploited remotely via a specially designed MPEG4 video;
  6. An unknown vulnerability can be exploited remotely via specially designed JavaScript to spoof the user interface;
  7. An unknown vulnerability in the Clients API in Service Workers can be exploited to cause denial of service or possibly execute arbitrary code;
  8. A use-after-free vulnerability in the HTML5 string parser can be exploited remotely via specially designed content to cause denial of service or possibly execute arbitrary code;
  9. A use-after-free vulnerability in HTMLDocument can be exploited remotely via specially designed content to cause denial of service or execute arbitrary code;
  10. A use-after-free vulnerability in WebRTC can be exploited remotely to cause denial of service or execute arbitrary code;
  11. An unknown vulnerability in the FileReader API can be exploited locally via file manipulation to cause denial of service or gain privileges;
  12. A use-after-free vulnerability in XML transformation can be exploited remotely via specially designed web content;
  13. An unknown vulnerability can be exploited remotely via site navigation manipulations to spoof the user interface;
  14. An unknown vulnerability can be exploited remotely via a specially designed redirect to bypass security restrictions;
  15. A pointer underflow in Brotli can be exploited remotely to cause denial of service or execute arbitrary code;
  16. An improper pointer dereference in NPAPI can be exploited remotely via a specially designed plugin in concert with specially designed web content to cause denial of service or execute arbitrary code;
  17. An integer underflow in WebRTC can possibly be exploited remotely via specially designed web content to cause denial of service or execute arbitrary code;
  18. A missing status check in WebRTC can potentially be exploited remotely via specially designed web content to cause denial of service or execute arbitrary code; (Windows)
  19. Multiple race conditions in WebRTC can potentially be exploited remotely via specially designed web content to cause denial of service or execute arbitrary code;
  20. Use of deleted pointers in WebRTC can potentially be exploited remotely via specially designed web content to cause denial of service or execute arbitrary code;
  21. A race condition in LibVPX can potentially be exploited remotely via specially designed web content to cause denial of service or execute arbitrary code;
  22. A use-after-free vulnerability in WebRTC can be exploited remotely via specially designed web content to cause denial of service or possibly execute arbitrary code;
  23. An out-of-bounds vulnerability in the HTML parser can be exploited remotely via specially designed Unicode strings or XML and SVG content to cause denial of service or possibly execute arbitrary code;
  24. A buffer overflow in an obsolete version of Network Security Services (NSS) can be exploited remotely via a specially designed certificate to cause denial of service or execute arbitrary code;
  25. A use-after-free vulnerability in an obsolete version of NSS can be exploited remotely via a specially designed key to cause denial of service;
  26. Multiple uses of uninitialized memory, out-of-bounds reads, out-of-bounds writes and other unknown vulnerabilities can be exploited remotely to cause denial of service or possibly execute arbitrary code.

Technical details

Vulnerability (1) is related to js/src/jit/arm/Assembler-arm.cpp and other unknown vectors.

Vulnerability (2) is related to the nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp, which does not prevent a non-HTTP report-URI for a CSP violation report. This vulnerability can be triggered if the user has disabled add-on signing and has installed an unpacked add-on.
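
The kind of check whose absence vulnerability (2) describes, shown as an added example that is not Firefox code or part of the original advisory: each report-uri token of a policy is resolved against the document URL and only HTTP(S) endpoints are kept. The function names, the sample policy and the example.test hosts are assumptions made for illustration.

```javascript
// Added example: scheme allow-list for CSP report-uri endpoints.
// All names here are illustrative; none of them are Firefox internals.
const ALLOWED_REPORT_SCHEMES = new Set(["http:", "https:"]);

// Extract the raw report-uri tokens from a serialized CSP policy.
// Only the first report-uri directive is used; later duplicates are ignored.
function parseReportUris(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...values] = directive.trim().split(/\s+/);
    if (name && name.toLowerCase() === "report-uri") {
      return values;
    }
  }
  return [];
}

// Resolve each token against the document URL and keep only HTTP(S) targets,
// so a violation report can never be delivered to a file: or other local URL.
function filterReportUris(policy, documentUrl) {
  const accepted = [];
  const rejected = [];
  for (const token of parseReportUris(policy)) {
    let resolved;
    try {
      resolved = new URL(token, documentUrl);
    } catch (err) {
      rejected.push({ token, reason: "unparseable" });
      continue;
    }
    if (ALLOWED_REPORT_SCHEMES.has(resolved.protocol)) {
      accepted.push(resolved.href);
    } else {
      rejected.push({ token, reason: "scheme " + resolved.protocol });
    }
  }
  return { accepted, rejected };
}

// Constructed sample policy and document URL (not taken from the advisory).
const SAMPLE_POLICY =
  "default-src 'self'; report-uri /csp-report https://reports.example.test/r file:///tmp/report.json";
const SAMPLE_RESULT = filterReportUris(SAMPLE_POLICY, "https://app.example.test/page");
console.log(SAMPLE_RESULT);
```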

Vulnerability (3) is caused by storing full path information for cross-origin iframe navigations.

Vulnerability (4) can be exploited by performing WebGL operations in a canvas that require an unusually large buffer to be allocated. This vulnerability can be exploited on Linux when an Intel video driver is used. If the vulnerability is exploited successfully, the computer must be rebooted to restore functionality.

Vulnerability (5) can be exploited via a video that triggers a delete operation on an array.

Vulnerability (6) is related to browser/base/content/browser.js, which allows the address bar to be spoofed via a javascript: URL.

Vulnerability (8) can be exploited via content that triggers mishandling of end tags. This vulnerability is related to nsHtml5TreeBuilder.

Vulnerability (9) can be exploited via content that triggers mishandling of the root element. This vulnerability is related to the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp.

Vulnerability (10) can be exploited by leveraging mishandling of a WebRTC data-channel connection.

Vulnerability (11) can be exploited by modifying files during a FileReader API read operation.

Vulnerability (12) is related to the AtomicBaseIncDec function.

Vulnerability (13) can be exploited via navigation sequences that involve going back. If the user returns to the original page, the displayed URL will not reflect the reloaded page location.

Vulnerability (14) is related to the already fixed bug CVE-2015-7207. It was discovered that history navigation in a restored browser session still allows the same attack.

Vulnerability (16) is related to the nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp.

Vulnerability (17) is related to the srtp_unprotect function.

Vulnerability (18) is related to the I420VideoFrame::CreateFrame function on Windows.

Vulnerability (19) is related to dom/media/systemservices/CamerasChild.cpp.

Vulnerability (20) is related to the DesktopDisplayDevice class.

Vulnerability (22) is related to the GetStaticInstance function.

Vulnerability (23) is related to the nsScannerString::AppendUnicodeTo function, which does not verify the success of a memory allocation.

Vulnerability (24) is related to a vulnerability in NSS versions earlier than 3.19.2.3 and 3.20 versions earlier than 3.21. This vulnerability can be exploited remotely via specially designed ASN.1 data in an X.509 certificate.

Vulnerability (25) is related to the PK11_ImportDERPrivateKeyInfoAndReturnKey function. This vulnerability can be exploited via a key with DER-encoded data.

Vulnerability (26) is related to multiple different vulnerabilities in code corresponding to the vectors listed below:

  1. Machine::Code::decoder::analysis::set_ref function;
  2. graphite2::TtfUtil::GetTableInfo function;
  3. graphite2::GlyphCache::glyph function;
  4. graphite2::Slot::getAttr function in Slot.cpp;
  5. CachedCmap.cpp;
  6. graphite2::TtfUtil::CmapSubtable12NextCodepoint function;
  7. graphite2::FileFace::get_table_fn function;
  8. graphite2::vm::Machine::Code::Code function;
  9. graphite2::TtfUtil::CmapSubtable12Lookup function;
  10. graphite2::GlyphCache::Loader::Loader function;
  11. graphite2::Slot::setAttr function;
  12. graphite2::TtfUtil::CmapSubtable4NextCodepoint function.

Original advisories

CVE list

  • CVE-2016-2802
    critical
  • CVE-2016-2801
    critical
  • CVE-2016-2800
    critical
  • CVE-2016-2799
    critical
  • CVE-2016-2798
    critical
  • CVE-2016-2797
    critical
  • CVE-2016-2796
    critical
  • CVE-2016-2795
    critical
  • CVE-2016-2794
    critical
  • CVE-2016-2793
    critical
  • CVE-2016-2792
    critical
  • CVE-2016-2791
    critical
  • CVE-2016-2790
    critical
  • CVE-2016-1979
    critical
  • CVE-2016-1977
    critical
  • CVE-2016-1976
    critical
  • CVE-2016-1975
    critical
  • CVE-2016-1974
    critical
  • CVE-2016-1973
    critical
  • CVE-2016-1972
    critical
  • CVE-2016-1971
    critical
  • CVE-2016-1970
    critical
  • CVE-2016-1968
    critical
  • CVE-2016-1967
    critical
  • CVE-2016-1966
    critical
  • CVE-2016-1965
    critical
  • CVE-2016-1964
    critical
  • CVE-2016-1950
    critical
  • CVE-2016-1952
    critical
  • CVE-2016-1953
    critical
  • CVE-2016-1954
    critical
  • CVE-2016-1955
    critical
  • CVE-2016-1956
    critical
  • CVE-2016-1957
    critical
  • CVE-2016-1958
    critical
  • CVE-2016-1959
    critical
  • CVE-2016-1960
    critical
  • CVE-2016-1961
    critical
  • CVE-2016-1962
    critical
  • CVE-2016-1963
    critical
