Security Alert (A15-07-03): Multiple Vulnerabilities in Firefox and Thunderbird


 

Published on: 03 July 2015

  
  

Description:

Mozilla has published a security advisory to address multiple vulnerabilities found in Firefox and Thunderbird. These vulnerabilities are caused by memory safety bugs in the browser engine, use-after-free error, uses of uninitialized memory, poor validation, read of not owned memory in zip files and buffer overflows. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.


Affected Systems:

  • Firefox prior to version 39
  • Firefox ESR 38.x prior to version 38.1
  • Firefox ESR 31.x prior to version 31.8
  • Thunderbird prior to version 38.1

Impact:

Depending on the vulnerability exploited, a successful attack could lead to application crash, bypass of security restrictions, elevation of privilege, information disclosure and arbitrary code execution.


Recommendation:

Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:

  • Firefox 39 for Windows, Macintosh and Linux
    http://www.mozilla.org/en-US/firefox/all.html

  • Firefox 39 for Android
    http://play.google.com/store/apps/details?id=org.mozilla.firefox

  • Firefox ESR 31.8 and 38.1 for Windows, Macintosh and Linux
    http://www.mozilla.org/en-US/firefox/organizations/all/

  • Thunderbird 38.1 for Windows, Macintosh and Linux
    http://www.mozilla.org/en-US/thunderbird/all.html

 Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.



More Information:

https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724 (to CVE-2015-2731)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733 (to CVE-2015-2743)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000



Tag: Firefox , Thunderbird , Mozilla
Tags