|

Security Alert (A15-08-04): Multiple Vulnerabilities in Firefox


 

Published on: 12 August 2015

     
Email to

Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, integer overflows when handling MPEG4 video and buffer overflows in the Libvpx library used for WebM video. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.


Affected Systems:

  • Firefox prior to version 40
  • Firefox ESR 38.x prior to version 38.2
    (Firefox ESR 31.x could also be affected but it has reached end-of-support)

Impact:

Depending on the vulnerability exploited, a successful attack could lead to application crash, bypass of security restrictions, elevation of privilege and arbitrary code execution.


Recommendation:

Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.


Users of Firefox ESR 31.8 should be reminded that the product has reached end-of-support on 11 Aug 2015 and there will not be any patches available. Users should consider upgrading to newer versions for protections.

More Information:

This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-79
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-80
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-81
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-82
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-83
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-84
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-85
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-86
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-87
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-88
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-89
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-90
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-91
This link will open in a new windowhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-92
This link will open in a new windowhttps://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
This link will open in a new windowhttps://www.hkcert.org/my_url/en/alert/15081216
This link will open in a new windowhttps://www.us-cert.gov/ncas/current-activity/2015/08/11/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and-Firefox
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473 (to CVE-2015-4475)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4477 (to CVE-2015-4493)



Tag: Firefox , Mozilla
Tags