Security Alert (A16-06-01): Multiple Vulnerabilities in Firefox


 

Published on: 08 June 2016

  
  

Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, memory corruption, buffer overflow, use-after-free error and Mozilla Windows updater could be used to overwrite arbitrary files. A remote attacker could entice a user to open a web page with specially crafted content or open a malicious program to invoke the updater to exploit the vulnerabilities.

 

Affected Systems:

  • Firefox prior to version 47.0
  • Firefox ESR prior to version 45.2 

 

Impact:

A successful attack could lead to application crash, information disclosure, elevation of privilege, cross-site scripting, denial of service or arbitrary code execution on an affected system.

 

Recommendation:

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:

  • Firefox 47.0 for Windows, Macintosh and Linux
    http://www.mozilla.org/en-US/firefox/all.html

  • Firefox ESR 45.2 for Windows, Macintosh and Linux
    https://www.mozilla.org/en-US/firefox/organizations/all/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.mozilla.org/security/advisories/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
https://www.mozilla.org/firefox/47.0/releasenotes/
https://www.hkcert.org/my_url/en/alert/16060801
https://www.us-cert.gov/ncas/current-activity/2016/06/07/Mozilla-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818 (to CVE-2016-2819)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821 (to CVE-2016-2822)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2824 (to CVE-2016-2826)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828 (to CVE-2016-2829)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831 (to CVE-2016-2834) 



Tag: Firefox , Mozilla
Tags