History: Dec 13, 2016 - 12:00 a.m.

KLA10912 Multiple vulnerabilities in Mozilla Firefox

2016-12-13 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 High (Confidence: High)

EPSS: 0.852 High (Percentile: 98.6%)

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code, possibly cause denial of service, gain privileges or inject code.

Below is a complete list of vulnerabilities:

  1. A buffer overflow in SkiaGL can possibly be exploited remotely to cause denial of service;
  2. An unknown vulnerability can be exploited remotely via marquee tags to bypass security restrictions and allow inline JavaScript;
  3. A use-after-free vulnerability within WebVR can be exploited remotely with an unknown impact;
  4. Memory corruption while using WebGL functions containing vector constructor with a varying array within libGLES can be exploited remotely and possibly cause denial of service;
  5. Use-after-free vulnerability in Editor while performing manipulations with DOM subtrees can be exploited remotely and possibly cause denial of service;
  6. An unknown vulnerability can be exploited remotely via crafted SVG images and use of data: URLs to bypass security restrictions and obtain sensitive information;
  7. Malicious users can use a JavaScript Map/Set timing attack to find out whether an atom is used in specific contexts by another compartment or zone. This can be performed to obtain sensitive information (for example, usernames embedded in JavaScript code);
  8. Data from the Pocket server is not properly sanitized before execution, which can result in HTML injection and access to Pocket’s messaging API;
  9. Due to improper validation of the origin of incoming events received by the Pocket extension, malicious users can fire events and inject code and commands;
  10. An HTML injection vulnerability in Mozilla add-ons SDK can be exploited remotely to inject content and scripts into an add-on’s context;
  11. Memory safety bugs can be exploited to execute arbitrary code.

Technical details

Vulnerability (9) does not affect users who have enabled e10s.

NB: This vulnerability has no public CVSS rating, so the rating may change over time.

NB: At this moment Mozilla has only reserved CVE numbers for these vulnerabilities. The information may change soon.

Original advisories

Mozilla Foundation Security Advisory 2016-94

Exploitation

Public exploits exist for this vulnerability.

Related products

Mozilla-Firefox

CVE list

CVE-2016-9899 critical

CVE-2016-9895 warning

CVE-2016-9897 warning

CVE-2016-9898 critical

CVE-2016-9900 warning

CVE-2016-9904 warning

CVE-2016-9893 critical

CVE-2016-9901 critical

CVE-2016-9902 warning

CVE-2016-9894 warning

CVE-2016-9896 high

CVE-2016-9903 warning

CVE-2016-9080 critical

Solution

Update to the latest version

Download Mozilla Firefox

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in the target code.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • XSS/CSS

Cross-site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between the user and the site.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

Affected Products

  • Mozilla Firefox 50.0.2
