Detection date
|
11/08/2015 |
Threat level
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, conduct cross-site scripting (XSS/CSS) attacks, gain privileges or execute arbitrary code. Below is a complete list of vulnerabilities.
Technical details: Not all of the bugs named in (1) are exploitable, but some can be exploited under certain circumstances, and some of those can lead to code execution. To exploit (2), a malicious user can craft an MP3 file that switches sample formats. (3) occurs in the interaction of MediaStream with the Web Audio API. Some non-configurable properties on JS objects can be changed during JSON interaction, which causes a same-origin bypass (4). An MPEG4 file can be used to exploit (5) via a malicious 'saio' chunk, an invalid size parameter in an ESDS chunk, or a plainly corrupt file. By using a hard link in a race condition in the Mozilla Maintenance Service on Windows, a log file can be written to a restricted location. (6) can be triggered if someone can run a privileged program that uses the overwritten file. (7) can be exploited through a specially crafted name of a MAR (Mozilla ARchive) file. To exploit this vulnerability, a malicious user must also create a file with such a name and get the Updater to use it. Opening a target page prefixed with feed: using POST disables the mixed content blocker for that page (8). (9) is caused by a crash that occurs when JavaScript using shared memory does not properly gate access to Atomics or SharedArrayBuffer views. A heap overflow in gdk-pixbuf causes (10), which can be triggered by bitmap scaling. (11) is caused by buffer overflows in Libvpx, which is used for WebM video decoding. (12) was found through code inspection and has no clear exploitation mechanism, but it would be exploitable if such a mechanism were found. The CSP implementation in Firefox does not match the specification. The specification states that blob, data and filesystem URLs should be excluded when matching a wildcard, but the current vulnerable implementation allows these URLs in the case of an asterisk (*) wildcard (13). (14) can be triggered by recursively calling .open() on an XMLHttpRequest in a SharedWorker. |
Affected products
|
Mozilla Firefox versions earlier than 40.0 |
Solution
|
Update to the latest version |
Primary source of discovery
|
Mozilla Foundation Security Advisories |
Impacts
|
ACE
DoS
SB
PE
XSS/CSS
SUI
|
Related products
|
Mozilla Firefox, Mozilla Firefox ESR |
CVE-IDS
|
CVE-2015-4493 9.3 Critical
CVE-2015-4492 7.5 Critical
CVE-2015-4491 6.8 High
CVE-2015-4490 4.3 Warning
CVE-2015-4489 7.5 Critical
CVE-2015-4488 7.5 Critical
CVE-2015-4487 7.5 Critical
CVE-2015-4484 5.0 Critical
CVE-2015-4483 4.3 Warning
CVE-2015-4482 4.6 Warning
CVE-2015-4481 3.3 Warning
CVE-2015-4480 9.3 Critical
CVE-2015-4478 5.0 Critical
CVE-2015-4475 7.5 Critical |
Exploitation
|
Public exploits exist for this vulnerability. |
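The wildcard rule from item (13), as an added example that is not code from Mozilla or from this advisory: a simplified CSP source-list matcher that can run in a spec-compliant mode or in a lax mode modelling the behaviour described as vulnerable, so a defender can list which URLs a `*` policy would have let through. All function names, the sample policy and the sample URLs are constructed for illustration; keyword sources such as 'self' are not modelled.

```javascript
// Added example (not Mozilla's code): simplified CSP source-list matching.
// Schemes that a bare "*" must not match, per the specification text in item (13).
const WILDCARD_EXCLUDED = new Set(['blob:', 'data:', 'filesystem:']);

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parsePolicy(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence wins
  }
  return policy;
}

// Simplified matcher: handles "*", scheme-sources ("data:") and exact origins.
// specCompliant=false models the wildcard behaviour described as vulnerable.
function sourceMatches(source, url, specCompliant) {
  const scheme = url.slice(0, url.indexOf(':') + 1).toLowerCase();
  if (source === '*') return specCompliant ? !WILDCARD_EXCLUDED.has(scheme) : true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === scheme;
  try {
    const origin = new URL(source).origin;
    return origin !== 'null' && origin === new URL(url).origin;
  } catch {
    return false; // keywords such as 'self' and 'none' are not modelled here
  }
}

// Is `url` allowed by `directive`, falling back to default-src?
function allows(header, directive, url, specCompliant = true) {
  const policy = parsePolicy(header);
  const sources = policy[directive] ?? policy['default-src'];
  if (sources === undefined) return true; // nothing restricts this load
  return sources.some((s) => sourceMatches(s, url, specCompliant));
}

// URLs the lax matcher allows but the spec-compliant matcher blocks.
function wildcardGap(header, directive, urls) {
  return urls.filter((u) => allows(header, directive, u, false) && !allows(header, directive, u, true));
}

// Constructed sample policy and URLs.
const SAMPLE_HEADER = "default-src 'self'; script-src *; img-src * data:";
const SAMPLE_URLS = [
  'https://cdn.example/app.js',
  'data:text/javascript,void 0',
  'blob:https://site.example/3f1c',
  'filesystem:https://site.example/temporary/a.js',
];
console.log(wildcardGap(SAMPLE_HEADER, 'script-src', SAMPLE_URLS));
```

For `img-src * data:` the gap shrinks to the blob: and filesystem: URLs, because data: is allowed there by an explicit scheme-source rather than by the wildcard.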