USN-3076-1: Firefox vulnerabilities
First published: Thu Sep 22 2016(Updated: )
Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827) Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257) Atte Kettunen discovered a heap buffer overflow during text conversion with some unicode characters. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270) Abhishek Arya discovered an out of bounds read during the processing of text runs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271) Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272) A crash was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273) A use-after-free was discovered in web animations during restyling. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274) A buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275) A use-after-free was discovered in accessibility. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276) A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5277) A buffer overflow was discovered when encoding image frames to images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5278) Rafael Gieschke discovered that the full path of files is available to web pages after a drag and drop operation. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5279) Mei Wang discovered a use-after-free when changing text direction. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5280) Brian Carpenter discovered a use-after-free when manipulating SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5281) Richard Newman discovered that favicons can be loaded through protocols not in the allowlist, such as jar:. (CVE-2016-5282) Gavin Sharp discovered a timing attack vulnerability involving document resizes and link colours. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5283) An issue was discovered with the preloaded Public Key Pinning (HPKP). If a machine-in-the-middle (MITM) attacker was able to obtain a fraudulent certificate for a Mozilla site, they could exploit this by providing malicious addon updates. (CVE-2016-5284)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/firefox | <49.0+build4-0ubuntu0.16.04.1 | 49.0+build4-0ubuntu0.16.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =16.04 | |
| All of | ||
| ubuntu/firefox | <49.0+build4-0ubuntu0.14.04.1 | 49.0+build4-0ubuntu0.14.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =14.04 | |
| All of | ||
| ubuntu/firefox | <49.0+build4-0ubuntu0.12.04.1 | 49.0+build4-0ubuntu0.12.04.1 |
| Ubuntu gir1.2-packagekitglib-1.0 | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-2827
- https://ubuntu.com/security/CVE-2016-5256
- https://ubuntu.com/security/CVE-2016-5257
- https://ubuntu.com/security/CVE-2016-5270
- https://ubuntu.com/security/CVE-2016-5271
- https://ubuntu.com/security/CVE-2016-5272
- https://ubuntu.com/security/CVE-2016-5273
- https://ubuntu.com/security/CVE-2016-5274
- https://ubuntu.com/security/CVE-2016-5275
- https://ubuntu.com/security/CVE-2016-5276
- https://ubuntu.com/security/CVE-2016-5277
- https://ubuntu.com/security/CVE-2016-5278
- https://ubuntu.com/security/CVE-2016-5279
- https://ubuntu.com/security/CVE-2016-5280
- https://ubuntu.com/security/CVE-2016-5281
- https://ubuntu.com/security/CVE-2016-5282
- https://ubuntu.com/security/CVE-2016-5283
- https://ubuntu.com/security/CVE-2016-5284
- https://ubuntu.com/security/notices/USN-3112-1
- https://launchpad.net/ubuntu/+source/firefox/49.0+build4-0ubuntu0.16.04.1
- https://launchpad.net/ubuntu/+source/firefox/49.0+build4-0ubuntu0.14.04.1
- https://launchpad.net/ubuntu/+source/firefox/49.0+build4-0ubuntu0.12.04.1
- https://ubuntu.com/security/notices/USN-3076-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of USN-3076-1?
The vulnerability ID of USN-3076-1 is CVE-2016-2827.
How can an attacker exploit CVE-2016-2827?
An attacker can potentially exploit CVE-2016-2827 to cause a denial of service via application crash by tricking a user into opening a specially crafted website.
What versions of Firefox are affected by USN-3076-1?
The versions of Firefox affected by USN-3076-1 are 49.0+build4-0ubuntu0.16.04.1, 49.0+build4-0ubuntu0.14.04.1, and 49.0+build4-0ubuntu0.12.04.1.
How can I fix the USN-3076-1 vulnerability in Ubuntu 16.04?
To fix the USN-3076-1 vulnerability in Ubuntu 16.04, update to version 49.0+build4-0ubuntu0.16.04.1 of the Firefox package.
Where can I find more information about USN-3076-1?
You can find more information about USN-3076-1 on the Ubuntu security website.
- agent/severity
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu gir1.2-packagekitglib-1.0
- version/ubuntu gir1.2-packagekitglib-1.0/16.04
- version/ubuntu gir1.2-packagekitglib-1.0/14.04
- version/ubuntu gir1.2-packagekitglib-1.0/12.04