Highly critical vulnerabilities in Mozilla Firefox and Thunderbird – October 17, 2014

Posted: October 17, 2014 in Vulnerabilities


Multiple vulnerabilities in Mozilla Firefox, Firefox ESR and Thunderbird

A remote user can bypass certain security restrictions, gain access to sensitive information and compromise a vulnerable system.

Danger level: High
Availability of corrections: Yes
Quantity of vulnerabilities: 10

CVSSv2 Rating:

(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:W/RC:C) = Base:4.3/Temporal:3.5
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:W/RC:C) = Base:8.8/Temporal:7.1
(AV:N/AC:M/Au:N/C:P/I:C/A:N/E:U/RL:W/RC:C) = Base:7.8/Temporal:6.3

CVE ID:

1. CVE-2014-1574
2. CVE-2014-1575
3. CVE-2014-1576
4. CVE-2014-1577
5. CVE-2014-1578
6. CVE-2014-1580
7. CVE-2014-1582
8. CVE-2014-1584
9. CVE-2014-1585
10. CVE-2014-1586

Exploitation vector: Remote
Impact: Disclosure of sensitive data, security bypass, system compromise

Affected Products: Mozilla Firefox 31.x, Mozilla Firefox 32, Firefox 33, Mozilla Thunderbird 31.x

Affected versions: Mozilla Firefox ESR 31.1, Mozilla Firefox 32, Firefox 33, Mozilla Thunderbird 31.1

Description:

1. Memory corruption and application crash (CVE-2014-1574). An unspecified vulnerability in the browser engine allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

2. The vulnerability (CVE-2014-1575) is caused by unknown errors in the browser engine. It allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp.

3. (CVE-2014-1576) Heap-based buffer overflow in the nsTransformedTextRun function allows remote attackers to execute arbitrary code via Cascading Style Sheets token sequences. This can cause a crash that is potentially exploitable.

4. The vulnerability (CVE-2014-1577) in the mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem allows remote attackers to obtain sensitive information from process memory or cause a denial of service.

5. Out-of-bounds write and application crash (CVE-2014-1578). An unspecified error in the get_tile function when buffering WebM video allows remote attackers to cause a denial of service or possibly execute arbitrary code via WebM frames.

Note: Successful exploitation of vulnerabilities #1, #2, #3, #4 and #5 allows a remote user to compromise a vulnerable system.

6. (CVE-2014-1580) Mozilla Firefox does not properly initialize memory for GIF images. The resulting series of images then uses this uninitialized memory during rendering, allowing remote attackers to obtain sensitive information from process memory.

7. (CVE-2014-1582) The Public Key Pinning implementation in Mozilla Firefox does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address. This could allow the use of a fraudulent certificate, letting man-in-the-middle attackers bypass an intended pinning configuration and spoof a web site.

8. The vulnerability (CVE-2014-1584) is due to an error in the Public Key Pinning implementation in Mozilla Firefox, which skips pinning checks upon an unspecified issuer-verification error. This makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate.

9. The vulnerability (CVE-2014-1585) is caused by issues with privacy and video sharing using WebRTC. A remote user can cause spontaneous activation of the camera.

10. The vulnerability in content/base/src/nsDocument.cpp (CVE-2014-1586) allows remote attackers to obtain sensitive information from the local camera.

Solution: Install the latest versions of the products from the manufacturer.

Links:


Manufacturer URLs:
https://www.mozilla.org/en-US/firefox/new/
http://www.mozilla.org/en-US/thunderbird/