Test ID: | 1.3.6.1.4.1.25623.1.0.842895 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-3076-1) |
Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-3076-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-3076-1 advisory.

Vulnerability Insight:

Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-2827)

Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5256, CVE-2016-5257)

Atte Kettunen discovered a heap buffer overflow during text conversion with some Unicode characters. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5270)

Abhishek Arya discovered an out-of-bounds read during the processing of text runs in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-5271)

Abhishek Arya discovered a bad cast when processing layout with input elements in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5272)

A crash was discovered in accessibility. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5273)

A use-after-free was discovered in web animations during restyling. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5274)

A buffer overflow was discovered when working with empty filters during canvas rendering. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5275)

A use-after-free was discovered in accessibility. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5276)

A use-after-free was discovered in web animations when destroying a timeline. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'firefox' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 16.04.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2827
  BugTraq ID: 93052
  http://www.securityfocus.com/bid/93052
  https://security.gentoo.org/glsa/201701-15
  http://www.securitytracker.com/id/1036852
Common Vulnerability Exposure (CVE) ID: CVE-2016-5256
Common Vulnerability Exposure (CVE) ID: CVE-2016-5257
  BugTraq ID: 93049
  http://www.securityfocus.com/bid/93049
  Debian Security Information: DSA-3674
  http://www.debian.org/security/2016/dsa-3674
  Debian Security Information: DSA-3690
  http://www.debian.org/security/2016/dsa-3690
  RedHat Security Advisories: RHSA-2016:1912
  http://rhn.redhat.com/errata/RHSA-2016-1912.html
  RedHat Security Advisories: RHSA-2016:1985
  http://rhn.redhat.com/errata/RHSA-2016-1985.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5270
Common Vulnerability Exposure (CVE) ID: CVE-2016-5271
Common Vulnerability Exposure (CVE) ID: CVE-2016-5272
Common Vulnerability Exposure (CVE) ID: CVE-2016-5273
Common Vulnerability Exposure (CVE) ID: CVE-2016-5274
Common Vulnerability Exposure (CVE) ID: CVE-2016-5275
Common Vulnerability Exposure (CVE) ID: CVE-2016-5276
Common Vulnerability Exposure (CVE) ID: CVE-2016-5277
Common Vulnerability Exposure (CVE) ID: CVE-2016-5278
Common Vulnerability Exposure (CVE) ID: CVE-2016-5279
Common Vulnerability Exposure (CVE) ID: CVE-2016-5280
Common Vulnerability Exposure (CVE) ID: CVE-2016-5281
  http://www.geeknik.net/7gr1u98b9
Common Vulnerability Exposure (CVE) ID: CVE-2016-5282
Common Vulnerability Exposure (CVE) ID: CVE-2016-5283
Common Vulnerability Exposure (CVE) ID: CVE-2016-5284
  https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95
  http://seclists.org/dailydave/2016/q3/51 |
Copyright | Copyright (C) 2016 Greenbone AG |