Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

ITS Advisory Number: 
2015-115
Date(s) Issued: 
Wednesday, September 23, 2015
Subject: 
Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution
Overview: 

Multiple vulnerabilities have been identified in Mozilla Firefox, which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Firefox ESR is a version of the web browser intended to be deployed in large organizations. Firefox OS is the mobile operating system developed by Mozilla.

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Mozilla Firefox versions prior to 41
  • Firefox ESR versions prior to 38.3
  • Firefox OS versions prior to 2.5
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Mozilla has confirmed multiple vulnerabilities in Firefox, Firefox ESR, and Firefox OS. Exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user or vulnerable application, crash the affected application, disclose sensitive information, bypass the same-origin policy and other security restrictions, and perform unauthorized actions. These vulnerabilities could be exploited if a user visits or is redirected to a specially-crafted webpage or opens a specially-crafted file. Details of these vulnerabilities are as follows:

 

  • Two unspecified memory corruption vulnerabilities exist that could lead to arbitrary code execution (CVE-2015-4500, CVE-2015-4501)
  • One vulnerability that could lead to exposure of memory or private data to malicious servers (CVE-2015-4503)
  • One out of bounds read vulnerability in QCMS color management library which could lead to information disclosure (CVE-2015-4504)
  • One vulnerability which could potentially lead to site attribute spoofing by pasting a URL with an unknown scheme ( CVE-2015-4476)
  • One vulnerability which could lead to arbitrary file manipulation by local user through the Mozilla updater (CVE-2015-4505)
  • One vulnerability in libvpx while parsing vp9 format video which could lead to buffer overflow (CVE-2015-4506)
  • One vulnerability when using the debugger with SavedStacks in Javascript could lead to potentially exploitable crash (CVE-2015-4507)
  • One vulnerability in reader mode which could lead to spoof the URL displayed in the addressed bar (CVE-2015-4508)
  • One use-after-free vulnerability exists when using a shared worker with indexDB which could lead to a potentially exploitable crash (CVE-2015-4510)
  • One buffer overflow vulnerability exists while decoding WebM videos which could lead to a potentially exploitable crash
  • One use-after-free vulnerability exists while manipulating HTML media content which could lead to a potentially exploitable crash (CVE-2015-4509)
  • One out of bounds read vulnerability exists while utilizing 2D canvas display on Linux 16-bit color depth systems (CVE-2015-4512)
  • One vulnerability exists in the way data is passed to a scripted proxy which violates the specifications set in place (CVE-2015-4502)
  • One vulnerability exists in Gecko's implementation of ECMAScript 5 API which could lead to arbitrary code execution (CVE-2015-4516)
  • One vulnerability exists in the way dragged and dropped images are handled which could lead to information leakage (CVE-2015-4519)
  • One vulnerability exists in the way Cross-origin resource sharing(CORS) preflight request headers are handled which could lead to CORS security checks being bypassed (CVE-2015-4520)
  • Multiple vulnerabilities were discovered through the use of code inspector which could lead to memory safety issues or bypassing of overflow checks (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) 
  • Two vulnerabilities in the libGLES portion of the ANGEL graphics library which could lead to potentially exploitable crashes (CVE-2015-7178, CVE-2015-7179)
  • One vulnerability in the High Resolution Time API that could lead to information disclosure.

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

 

Actions: 
  • Apply appropriate updates provided by Mozilla to vulnerable systems, immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
References: 

Mozilla:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-96

https://www.mozilla.org/en-US/security/advisories/mfsa2015-97

https://www.mozilla.org/en-US/security/advisories/mfsa2015-98

https://www.mozilla.org/en-US/security/advisories/mfsa2015-99

https://www.mozilla.org/en-US/security/advisories/mfsa2015-100

https://www.mozilla.org/en-US/security/advisories/mfsa2015-101

https://www.mozilla.org/en-US/security/advisories/mfsa2015-102

https://www.mozilla.org/en-US/security/advisories/mfsa2015-103

https://www.mozilla.org/en-US/security/advisories/mfsa2015-104

https://www.mozilla.org/en-US/security/advisories/mfsa2015-105

https://www.mozilla.org/en-US/security/advisories/mfsa2015-106

https://www.mozilla.org/en-US/security/advisories/mfsa2015-107

https://www.mozilla.org/en-US/security/advisories/mfsa2015-108

https://www.mozilla.org/en-US/security/advisories/mfsa2015-109

https://www.mozilla.org/en-US/security/advisories/mfsa2015-110

https://www.mozilla.org/en-US/security/advisories/mfsa2015-111

https://www.mozilla.org/en-US/security/advisories/mfsa2015-112

https://www.mozilla.org/en-US/security/advisories/mfsa2015-113

https://www.mozilla.org/en-US/security/advisories/mfsa2015-114

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4504

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4503

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4507

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4508

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4510

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4512

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4502

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7178

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7179

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180