Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2458-1)

high Nessus Plugin ID 80548

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2458-1 advisory.

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)

Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636)

Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637)

Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639)

Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640)

Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641)

Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-2458-1

Plugin Details

Severity: High

ID: 80548

File Name: ubuntu_USN-2458-1.nasl

Version: 1.22

Type: local

Agent: unix

Published: 1/15/2015

Updated: 8/27/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-8641

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2014-8638

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga, p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg, p-cpe:/a:canonical:ubuntu_linux:firefox, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da, p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms, p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu, p-cpe:/a:canonical:ubuntu_linux:firefox-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2015

Vulnerability Publication Date: 1/14/2015

Exploitable With

Metasploit (Firefox Proxy Prototype Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642

BID: 72041, 72042, 72044, 72045, 72046, 72047, 72048, 72049, 72050

USN: 2458-1