Security Alert (A16-04-05): Multiple Vulnerabilities in Firefox


 

Published on: 27 April 2016

  
  

Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, memory corruption, buffer overflow, JavaScript watch() method and use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.


Affected Systems:

  • Firefox prior to version 46.0
  • Firefox ESR prior to version 38.8 or 45.1

Impact:

A successful attack could lead to application crash, information disclosure, elevation of privilege or arbitrary code execution on an affected system.


Recommendation:

Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:

  • Firefox 46.0 for Windows, Macintosh and Linux
    http://www.mozilla.org/en-US/firefox/all.html

  • Firefox ESR 38.8 or 45.1 for Windows, Macintosh and Linux
    https://www.mozilla.org/en-US/firefox/organizations/all/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.mozilla.org/security/advisories/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
https://www.mozilla.org/firefox/46.0/releasenotes/
https://www.hkcert.org/my_url/en/alert/16042701
https://www.us-cert.gov/ncas/current-activity/2016/04/26/Mozilla-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808 (to CVE-2016-2814)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2816 (to CVE-2016-2817)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2820



Tag: Firefox , Mozilla
Tags