KLA10953 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

2017-01-24 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)

EPSS: 0.935 High (Percentile: 99.1%)

Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, inject code, run arbitrary code, bypass security restrictions or cause a denial of service.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in JIT code allocation can be exploited remotely to bypass ASLR and DEP protections, leading to a denial of service;
  2. A use-after-free vulnerability in XSL handling can be exploited remotely while XSLT documents are being processed;
  3. Incorrect sharing of JavaScript hash codes between pages can be exploited remotely to cause a denial of service;
  4. A use-after-free vulnerability during DOM manipulation of SVG content (found by fuzzing) can be exploited remotely;
  5. Insecure communication methods in the Developer Tools JSON Viewer can be exploited remotely to allow a potential privilege escalation;
  6. A use-after-free vulnerability in the media decoder can be exploited remotely to obtain sensitive information;
  7. Improper handling of certain Unicode characters in URLs can be exploited remotely to spoof domain names in the location bar;
  8. Improper handling of data: URLs by WebExtensions scripts can be exploited remotely to obtain sensitive information;
  9. A memory corruption vulnerability can be exploited remotely to run arbitrary code;
  10. A memory corruption vulnerability in Skia can be exploited remotely to cause a denial of service;
  11. A use-after-free vulnerability in Web Animations (found by fuzzing) can be exploited remotely;
  12. An unspecified vulnerability in WebExtensions can be exploited remotely to allow a potential privilege escalation;
  13. Improper handling of the "export" function in the Certificate Viewer can be exploited to bypass security restrictions;
  14. An unspecified vulnerability in the RSS feed preview can be exploited remotely to allow a potential privilege escalation;
  15. Improper handling of a JavaScript function in WPAD (web proxy auto-discovery) can be exploited remotely via specially crafted proxy auto-config (PAC) files;
  16. Referrer-policy response headers being ignored for data sent in multipart channels can be exploited remotely to obtain sensitive information;
  17. An unspecified vulnerability in the location bar can be exploited remotely to spoof the location bar;
  18. Improper handling of content about: pages can be exploited remotely to allow a potential privilege escalation;
  19. A memory corruption vulnerability can be exploited remotely to cause a denial of service;
  20. Improper handling of CSP headers in mozAddonManager can be exploited remotely to inject code;
  21. Double firing of the onerror handler can be exploited remotely, possibly to obtain sensitive information;
  22. Lack of rate limiting on STUN traffic when a large number of webkitRTCPeerConnection objects are created can be exploited remotely to cause a denial of service.

Technical details

Vulnerability (5) is caused by the use of insecure methods to create the communication channel used for copying and viewing JSON or HTTP header data.

Vulnerability (12) can be triggered by modifying CSP headers with the appropriate permissions and using host requests to redirect script loads to a malicious site.

By exploiting vulnerability (13), a remote attacker can save certificate content to unsafe locations under an arbitrary filename.

Vulnerability (17) can be triggered by a series of JavaScript events combined with fullscreen mode, or by scrolling the existing location bar out of view on the new page.
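Items 7 and 17 both concern location bar spoofing. The following is an added example, not code from this advisory or from Mozilla, addressing the item-7 class: a linter that inspects the raw hostname of a URL for non-ASCII glyphs that look like ASCII punctuation (hyphens, quotes) or for letters from several scripts mixed in one host, and produces an escaped form safe to log or display. The glyph set, the script list and the sample URLs are this example's own assumptions, not the exact characters the advisory concerns.

```javascript
// Added example, not code from the Kaspersky advisory or from Mozilla.
// Flags hostnames containing Unicode glyphs that a location bar could render so
// they look like ASCII. The glyph set and script list are illustrative
// assumptions, not Mozilla's list. Needs Node.js 10+ (Unicode property escapes).

// Non-ASCII punctuation that resembles an ASCII hyphen or quote.
const LOOKALIKE_PUNCT = new Map([
  ['\u2010', 'U+2010 HYPHEN'],
  ['\u2011', 'U+2011 NON-BREAKING HYPHEN'],
  ['\u2013', 'U+2013 EN DASH'],
  ['\u2014', 'U+2014 EM DASH'],
  ['\u2212', 'U+2212 MINUS SIGN'],
  ['\u2018', 'U+2018 LEFT SINGLE QUOTATION MARK'],
  ['\u2019', 'U+2019 RIGHT SINGLE QUOTATION MARK'],
  ['\u201C', 'U+201C LEFT DOUBLE QUOTATION MARK'],
  ['\u201D', 'U+201D RIGHT DOUBLE QUOTATION MARK'],
  ['\uFF0D', 'U+FF0D FULLWIDTH HYPHEN-MINUS'],
]);

// Scripts whose letters have ASCII look-alikes (Cyrillic а/е/о, Greek ο ...).
const SCRIPTS = [
  ['Latin', /\p{Script=Latin}/u],
  ['Cyrillic', /\p{Script=Cyrillic}/u],
  ['Greek', /\p{Script=Greek}/u],
];

// Pull the host out of the raw URL string without normalising it: the point is
// to see what was actually supplied, not what a URL parser canonicalised.
function rawHost(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^@/?#]*@)?([^/?#:]+)/i.exec(url);
  return m ? m[1] : null;
}

// Replace every non-ASCII code point by a visible \u{...} escape so the host
// can be logged or displayed without the look-alike glyph taking effect.
function escapeHost(host) {
  return Array.from(host, ch => {
    const cp = ch.codePointAt(0);
    return cp < 0x80 ? ch : `\\u{${cp.toString(16).toUpperCase()}}`;
  }).join('');
}

function lintHost(host) {
  const findings = [];
  const scriptsSeen = new Set();
  for (const ch of host) {
    const hit = LOOKALIKE_PUNCT.get(ch);
    if (hit) findings.push(`look-alike punctuation ${hit}`);
    for (const [name, re] of SCRIPTS) if (re.test(ch)) scriptsSeen.add(name);
  }
  if (scriptsSeen.size > 1) {
    findings.push(`mixed scripts: ${[...scriptsSeen].sort().join('+')}`);
  }
  const nonAscii = /[^\x00-\x7F]/.test(host);
  return { host, display: nonAscii ? escapeHost(host) : host, suspicious: findings.length > 0, findings };
}

function lintUrl(url) {
  const host = rawHost(url);
  if (host === null) return { host: null, display: null, suspicious: false, findings: ['no host'] };
  return lintHost(host);
}

// Constructed sample input, not taken from any real incident.
const SAMPLES = [
  'https://example.com/login',
  'https://my\u2010bank.example/',   // U+2010 where an ASCII '-' is expected
  'https://pay\u2019pal.example/',   // U+2019 where an apostrophe is expected
  'https://\u0430pple.example/',     // Cyrillic а followed by Latin letters
];

for (const u of SAMPLES) {
  const r = lintUrl(u);
  console.log(`${r.suspicious ? 'SUSPICIOUS' : 'ok        '} ${r.display}  ${r.findings.join('; ')}`);
}
```

Pure ASCII hosts pass untouched; anything else is shown escaped, which is the conservative equivalent of a browser falling back to the punycode form whenever it is unsure a Unicode host is safe to render.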

Vulnerability (18) is caused by web content pages being able to load privileged about: pages in an iframe.

Vulnerability (22) can be triggered by sending large STUN packets in a short period of time, because no rate limiting is applied on e10s (multi-process) systems.

Vulnerabilities 10-22 affect only Mozilla Firefox, not Mozilla Firefox ESR.

NB: These vulnerabilities have no public CVSS rating yet, so the rating may change over time.

NB: At the time of writing Mozilla has only reserved CVE numbers for these vulnerabilities; the information may change.

Original advisories

MFSA 2017-02

MFSA 2017-01

Exploitation

Public exploits exist for this vulnerability.

Related products

Mozilla-Firefox

Mozilla-Firefox-ESR

CVE list

CVE-2017-5375 critical

CVE-2017-5376 critical

CVE-2017-5378 warning

CVE-2017-5380 critical

CVE-2017-5390 critical

CVE-2017-5396 critical

CVE-2017-5383 warning

CVE-2017-5373 critical

CVE-2017-5377 critical

CVE-2017-5379 warning

CVE-2017-5389 high

CVE-2017-5381 warning

CVE-2017-5382 warning

CVE-2017-5384 warning

CVE-2017-5385 warning

CVE-2017-5386 critical

CVE-2017-5394 high

CVE-2017-5391 critical

CVE-2017-5392 critical

CVE-2017-5393 warning

CVE-2017-5395 warning

CVE-2017-5387 warning

CVE-2017-5388 warning

CVE-2017-5374 critical

Solution

Update to the latest version:

Mozilla Firefox

Mozilla Firefox ESR

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can let an attacker execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can let an attacker capture information that is critical for the user or the system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in the target code.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions restricted by the current security settings.

  • WLF

Write local files. Exploitation of vulnerabilities with this impact can lead to writes into files that should be inaccessible. Which files can be written depends on the specific program error.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can let an attacker perform actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into unintended behaviour.

Affected Products

  • Mozilla Firefox versions earlier than 51.0
  • Mozilla Firefox ESR versions earlier than 45.7.0
