Packages
- firefox - Mozilla Open Source web browser
Details
Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard,
Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan
Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5289, CVE-2016-5290)
A same-origin policy bypass was discovered with local HTML files in some
circumstances. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5291)
A crash was discovered when parsing URLs in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this...
Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard,
Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan
Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5289, CVE-2016-5290)
A same-origin policy bypass was discovered with local HTML files in some
circumstances. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5291)
A crash was discovered when parsing URLs in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to execute arbitrary code. (CVE-2016-5292)
A heap buffer-overflow was discovered in Cairo when processing SVG
content. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5296)
An error was discovered in argument length checking in Javascript. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5297)
An integer overflow was discovered in the Expat library. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2016-9063)
It was discovered that addon updates failed to verify that the addon ID
inside the signed package matched the ID of the addon being updated.
An attacker that could perform a machine-in-the-middle (MITM) attack could
potentially exploit this to provide malicious addon updates.
(CVE-2016-9064)
A buffer overflow was discovered in nsScriptLoadHandler. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9066)
2 use-after-free bugs were discovered during DOM operations in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-9067,
CVE-2016-9069)
A heap use-after-free was discovered during web animations in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-9068)
It was discovered that a page loaded in to the sidebar through a bookmark
could reference a privileged chrome window. An attacker could potentially
exploit this to bypass same origin restrictions. (CVE-2016-9070)
An issue was discovered with Content Security Policy (CSP) in combination
with HTTP to HTTPS redirection. An attacker could potentially exploit this
to verify whether a site is within the user's browsing history.
(CVE-2016-9071)
An issue was discovered with the windows.create() WebExtensions API. If a
user were tricked in to installing a malicious extension, an attacker
could potentially exploit this to escape the WebExtensions sandbox.
(CVE-2016-9073)
It was discovered that WebExtensions can use the mozAddonManager API. An
attacker could potentially exploit this to install additional extensions
without user permission. (CVE-2016-9075)
It was discovered that
It was discovered that canvas allows the use of the feDisplacementMap
filter on cross-origin images. An attacker could potentially exploit this
to conduct timing attacks. (CVE-2016-9077)
Update instructions
After a standard system update you need to restart Firefox to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.10 yakkety | firefox – 50.0+build2-0ubuntu0.16.10.2 | ||
| 16.04 xenial | firefox – 50.0+build2-0ubuntu0.16.04.2 | ||
| 14.04 trusty | firefox – 50.0+build2-0ubuntu0.14.04.2 | ||
| 12.04 precise | firefox – 50.0+build2-0ubuntu0.12.04.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2016-9077
- CVE-2016-9076
- CVE-2016-9075
- CVE-2016-9073
- CVE-2016-9071
- CVE-2016-9070
- CVE-2016-9069
- CVE-2016-9068
- CVE-2016-9067
- CVE-2016-9066
- CVE-2016-9077
- CVE-2016-9076
- CVE-2016-9075
- CVE-2016-9073
- CVE-2016-9071
- CVE-2016-9070
- CVE-2016-9069
- CVE-2016-9068
- CVE-2016-9067
- CVE-2016-9066
- CVE-2016-9064
- CVE-2016-9063
- CVE-2016-5297
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5291
- CVE-2016-5290
- CVE-2016-5289