USN-2656-1: Firefox vulnerabilities
First published: Thu Jul 09 2015(Updated: )
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733) Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726) Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727) Paul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2728) Holger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) A use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the priviliges of the user invoking Firefox. (CVE-2015-2731) Ronald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) David Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741) Jonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743) Matthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/firefox | <39.0+build5-0ubuntu0.15.04.1 | 39.0+build5-0ubuntu0.15.04.1 |
| =15.04 | ||
| All of | ||
| ubuntu/firefox | <39.0+build5-0ubuntu0.14.10.1 | 39.0+build5-0ubuntu0.14.10.1 |
| =14.10 | ||
| All of | ||
| ubuntu/firefox | <39.0+build5-0ubuntu0.14.04.1 | 39.0+build5-0ubuntu0.14.04.1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2015-2721
- https://ubuntu.com/security/CVE-2015-2722
- https://ubuntu.com/security/CVE-2015-2724
- https://ubuntu.com/security/CVE-2015-2725
- https://ubuntu.com/security/CVE-2015-2726
- https://ubuntu.com/security/CVE-2015-2727
- https://ubuntu.com/security/CVE-2015-2728
- https://ubuntu.com/security/CVE-2015-2729
- https://ubuntu.com/security/CVE-2015-2730
- https://ubuntu.com/security/CVE-2015-2731
- https://ubuntu.com/security/CVE-2015-2733
- https://ubuntu.com/security/CVE-2015-2734
- https://ubuntu.com/security/CVE-2015-2735
- https://ubuntu.com/security/CVE-2015-2736
- https://ubuntu.com/security/CVE-2015-2737
- https://ubuntu.com/security/CVE-2015-2738
- https://ubuntu.com/security/CVE-2015-2739
- https://ubuntu.com/security/CVE-2015-2740
- https://ubuntu.com/security/CVE-2015-2741
- https://ubuntu.com/security/CVE-2015-2743
- https://ubuntu.com/security/CVE-2015-4000
- https://ubuntu.com/security/notices/USN-2673-1
- https://ubuntu.com/security/notices/USN-2672-1
- https://ubuntu.com/security/notices/USN-2656-2
- https://ubuntu.com/security/notices/2696-1
- https://ubuntu.com/security/notices/USN-2706-1
- https://ubuntu.com/security/notices/USN-2696-1
- https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.15.04.1
- https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.14.10.1
- https://launchpad.net/ubuntu/+source/firefox/39.0+build5-0ubuntu0.14.04.1
- https://ubuntu.com/security/notices/USN-2656-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this security advisory?
The vulnerability ID for this security advisory is CVE-2015-...
What software is affected by this vulnerability?
The Firefox web browser version 39.0+build5-0ubuntu0.15.04.1 on Ubuntu 15.04, version 39.0+build5-0ubuntu0.14.10.1 on Ubuntu 14.10, and version 39.0+build5-0ubuntu0.14.04.1 on Ubuntu 14.04 is affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not specified in the security advisory.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by performing a machine-in-the-middle attack to skip the ServerKeyExchange message and remove the forward-secrecy property.
How can I fix this vulnerability?
To fix this vulnerability, update your Firefox browser to version 39.0+build5-0ubuntu0.15.04.1 on Ubuntu 15.04, version 39.0+build5-0ubuntu0.14.10.1 on Ubuntu 14.10, or version 39.0+build5-0ubuntu0.14.04.1 on Ubuntu 14.04.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-2673-1
- anchor-related/USN-2672-1
- anchor-related/USN-2656-2
- anchor-related/USN-2706-1
- anchor-related/USN-2696-1
- agent/software-canonical-lookup
- agent/title
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/15.04
- version/ubuntu ubuntu/14.10
- version/ubuntu ubuntu/14.04