Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

ITS Advisory Number: 2015-098
Date(s) Issued: Thursday, August 13, 2015
Subject: Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been identified in Mozilla Firefox, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Firefox ESR is a version of the web browser intended to be deployed in large organizations. Firefox OS is the mobile operating system developed by Mozilla. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Mozilla Firefox versions prior to 40
  • Firefox ESR versions prior to 38.2
  • Firefox OS 2.2
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Mozilla has confirmed multiple vulnerabilities in Firefox, Firefox ESR, and Firefox OS, which an attacker could exploit to execute arbitrary code in the context of the logged-on user or vulnerable application, crash the affected application, disclose sensitive information, bypass the same-origin policy and other security restrictions, and perform unauthorized actions. These vulnerabilities could be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. Details of these vulnerabilities are as follows:

  • Multiple unspecified memory-corruption vulnerabilities exist in the browser engine, which could allow for arbitrary code execution. (CVE-2015-4473, CVE-2015-4474)
  • Multiple buffer overflow vulnerabilities exist in the Libvpx library, which could allow for arbitrary code execution. (CVE-2015-4485, CVE-2015-4486, CVE-2015-4491)
  • A use-after-free memory corruption vulnerability occurs when handling audio through the Web Audio API, which could allow for arbitrary code execution. (CVE-2015-4477)
  • A use-after-free vulnerability occurs when recursively calling the 'open()' function on an 'XMLHttpRequest' request in a SharedWorker. (CVE-2015-4492)
  • Multiple memory corruption vulnerabilities exist in 'nsTSubstring::ReplacePrep', 'StyleAnimationValue::operator=', and 'nsTArray_Impl' (CVE-2015-4487, CVE-2015-4488, CVE-2015-4489)
  • A cross-site scripting vulnerability exists in the Content Security Policy, which could allow for arbitrary code execution. (CVE-2015-4490)
  • Multiple integer-overflow vulnerabilities exist in 'libstagefright', which could allow for arbitrary code execution. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)
  • Arbitrary file-overwrite vulnerability occurs due to a race condition involving the Mozilla Maintenance Service, which could allow an attacker to write arbitrary files. (CVE-2015-4481)
  • Same-origin policy bypass while parsing JSON, which could allow for properties to be modified with arbitrary values. (CVE-2015-4478)
  • Multiple out-of-bounds memory corruption vulnerabilities exist, which could allow an attacker to obtain sensitive information or cause a denial of service. (CVE-2015-4475, CVE-2015-4482)
  • Shared Memory Access vulnerability exists regarding the 'void js::jit::AssemblerX86Shared::lock_addl' function, which could result in a denial of service. (CVE-2015-4484)
  • Man-in-the-middle vulnerability exists when using a POST with the 'feed:' protocol, which could allow for information disclosure. (CVE-2015-4483)
Actions: 
  • After appropriate testing, apply updates provided by Mozilla Firefox to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
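
To find the systems that need the update, the version thresholds under "Systems Affected" can be checked against a software inventory. The following is an added example, not part of the original advisory: the hostnames and version strings are constructed, the "esr" suffix is assumed to be how the inventory marks ESR installs, and Firefox OS and pre-release builds are not handled.

```python
import re

# Fixed-version thresholds taken from the advisory's "Systems Affected" list:
# Firefox prior to 40 and Firefox ESR prior to 38.2 are affected.
FIXED = {"release": (40, 0, 0), "esr": (38, 2, 0)}

# Up to three dotted numeric components, optionally followed by "esr" (assumed marker).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,2})(esr)?", re.IGNORECASE)

def parse_version(text):
    """Return (channel, (major, minor, patch)), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "40.0" -> (40, 0, 0)
    channel = "esr" if m.group(2) else "release"
    return channel, tuple(parts)

def is_affected(text):
    """True if below the fixed version, False if at or above, None if unparseable."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    channel, version = parsed
    return version < FIXED[channel]

def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' (needs manual review)."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "ws-001": "Mozilla Firefox 39.0.3",
    "ws-002": "Mozilla Firefox 40.0",
    "ws-003": "Mozilla Firefox 38.1.1esr",
    "ws-004": "Mozilla Firefox 38.2.0esr",
    "ws-005": "Mozilla Firefox 31.8.0esr",
    "ws-006": "version not reported",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are kept separate from "ok" so that a missing or malformed inventory entry is reviewed by hand rather than silently treated as patched.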
References: 

Mozilla:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-72/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-73/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-74/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-75/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-76/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-77/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4477

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4481

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4482

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4483

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4490

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493