Kaspersky ID:
KLA10723
Detect Date:
12/15/2015
Updated:
06/03/2020

Description

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Memory safety bugs can be exploited remotely to execute arbitrary code;
  2. Multiple implementation errors at JavaScript engine can be exploited remotely via a specially designed JavaScript to execute arbitrary code or cause denial of service;
  3. An unknown vulnerability can be exploited remotely via a specially designed web page to bypass same-origin policy and obtain sensitive information;
  4. Improper cookie symbols storing can be exploited remotely via a specially designed symbols to obtain sensitive information;
  5. Use-after-free vulnerability at WebRTC can be exploited remotely to execute arbitrary code;
  6. Integer overflow can be exploited remotely via a specially designed graphics operations to execute arbitrary code;
  7. An unknown vulnerability at error events can be exploited remotely to obtain sensitive information;
  8. Improper symbols handling at URI can be exploited remotely via a specially designed URI to spoof user interface;
  9. Integer underflow can be exploited remotely to cause denial of service;
  10. Obsolete and unsupported libraries using can be exploited; (Gnome Linux)
  11. Multiple buffer overflows can be exploited remotely to cause denial of service;
  12. Underflow can be exploited remotely to cause denial of service or obtain sensitive information;
  13. Integer overflow can be exploited remotely via a specially designed MP4 to execute arbitrary code; (64-bit)
  14. Integer underflow vulnerability can be exploited remotely via a specially designed MP4 file to execute arbitrary code;
  15. An unknown vulnerability at WebExtension APIs can be exploited remotely to gain privileges or obtain sensitive information;
  16. An unknown vulnerability can be exploited remotely via a specially designed URI’s to bypass security restrictions and obtain sensitive indormation.

Technical details

Vulnerability (2) related to implementation error with unboxed objects and property storing. This vulnerability can be triggered during some Javascript variables assignment.

Vulnerability (3) can be triggered if perfomance.getEntries() is used with iframe to host a page. This vulnerability could lead to cross-origin URLs following (Navigating back through script , content is pulled from browser cache for the redirected location instead original)

Vulnerability (4) caused by storing ASCII code 11 for vertical tab at cookie in violation of RFC6265. This vulnerability can lead to incorrect server-side cookie handling which in its turn can lead to ability of setting and reading cookie data.

Vulnerability (5) related to timing issues that causes WebRTC to trust that datachannel is open after another WebRTC function closed it.

Vulnerability (6) emerges when allocating textures of extremely large sizes at mozilla::layers::BufferTextureClient::AllocateForSurface.

Vulnerability (7) leaks information through error events in web workers. This information could be used to gain authentication tokens and other data.

Vulnerability (8) caused by improper ‘#’ symbol handling at data: URI which can lead to spoof URI.

Vulnerability (9) can be triggered via malformed HTTP2 header frame with only a single byte or HTTP2 PushPromise frame with miscalculation of decompressed buffer size.

Vulnerability (10) caused by using system’s gdk-pixbuf library to render thumbnails for file choose dialog. Some of image decoders (Jasper and TGA) supported in this library unmantained and vulnerable. This vulnerability affects only Linux systems with Gnome.

Vulnerability (11) related to OOM in DirectWriteFontInfo::LoadFontFamilyData, XDRBuffer::grow and nsDeque::GrowCapacity.

Vulnerability (12) related to RTPReceiverVideo::ParseRtpPacket.

Vulnerability (13) related to MPEG4Extractor::readMetaData.

Vulnerability (14) related to libstagefright and can be triggered while parsing MP4 cover metadata in Metadata::setData.

Vulnerability (16) can be triggered via data: and view-source: URIs and can lead to read cross-site URLs and local files.

Original advisories

Related products

CVE list

  • CVE-2015-7223
    warning
  • CVE-2015-7201
    critical
  • CVE-2015-7202
    critical
  • CVE-2015-7203
    critical
  • CVE-2015-7204
    high
  • CVE-2015-7205
    critical
  • CVE-2015-7207
    critical
  • CVE-2015-7208
    critical
  • CVE-2015-7210
    critical
  • CVE-2015-7211
    critical
  • CVE-2015-7212
    critical
  • CVE-2015-7213
    high
  • CVE-2015-7214
    critical
  • CVE-2015-7215
    critical
  • CVE-2015-7216
    high
  • CVE-2015-7217
    warning
  • CVE-2015-7218
    critical
  • CVE-2015-7219
    critical
  • CVE-2015-7220
    critical
  • CVE-2015-7221
    critical
  • CVE-2015-7222
    high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.