The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Mozilla Firefox.
Impacted systems: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this alert: 4/4.
Number of vulnerabilities in this bulletin: 25.
Creation date: 16/11/2016.
Références of this alert: bulletinoct2016, CERTFR-2016-AVI-379, CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5293, CVE-2016-5294, CVE-2016-5295, CVE-2016-5296, CVE-2016-5297, CVE-2016-5298, CVE-2016-5299, CVE-2016-9061, CVE-2016-9062, CVE-2016-9063, CVE-2016-9064, CVE-2016-9065, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9072, CVE-2016-9073, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077, DLA-730-1, DLA-752-1, DSA-3716-1, DSA-3730-1, FEDORA-2016-5bf1a34211, FEDORA-2016-e39b7c826b, MFSA-2016-89, MFSA-2016-90, MFSA-2016-93, openSUSE-SU-2016:2861-1, openSUSE-SU-2016:3011-1, openSUSE-SU-2016:3019-1, RHSA-2016:2780-01, RHSA-2016:2825-01, SSA:2016-323-01, SUSE-SU-2016:3014-1, SUSE-SU-2016:3080-1, SUSE-SU-2016:3105-1, SUSE-SU-2019:2872-1, USN-3124-1, USN-3141-1, VIGILANCE-VUL-21125.

Description of the vulnerability 

Several vulnerabilities were announced in Mozilla Firefox.

An attacker can generate a buffer overflow via rasterize_edges_1, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5296]

An attacker can generate a memory corruption via URL Parsing, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5292]

An attacker can bypass access restrictions via Updater.log Hardlink, in order to alter files. [severity:3/4; CVE-2016-5293]

An attacker can bypass access restrictions via Updater, in order to alter files. [severity:2/4; CVE-2016-5294]

An attacker can generate an integer overflow via JavaScript, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5297]

An attacker can act as a Man-in-the-Middle via an Add-on ID, in order to alter an extension. [severity:3/4; CVE-2016-9064]

An attacker can alter displayed information via Firefox for Android, in order to deceive the victim. [severity:2/4; CVE-2016-9065]

An attacker can generate an integer overflow via nsScriptLoadHandler, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9066]

An attacker can force the usage of a freed memory area via nsINode::ReplaceOrInsertBefore, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9067, CVE-2016-9069]

An attacker can force the usage of a freed memory area via nsRefreshDriver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9068]

An attacker can bypass security features via Fresh Profile, in order to escalate his privileges. [severity:3/4; CVE-2016-9072]

An attacker can bypass security features via WebExtensions, in order to escalate his privileges. [severity:3/4; CVE-2016-9075]

An attacker can bypass security features via feDisplacementMap, in order to obtain sensitive information. [severity:2/4; CVE-2016-9077]

An attacker can bypass the origin check via Local Shortcut File, in order to access to victim's data. [severity:2/4; CVE-2016-5291]

An attacker can bypass file access restrictions via Maintenance Service, in order to obtain sensitive information. [severity:2/4; CVE-2016-5295]

An attacker can alter displayed information via SSL Indicator, in order to deceive the victim. [severity:2/4; CVE-2016-5298]

An attacker can bypass security features via AuthTokens, in order to escalate his privileges. [severity:2/4; CVE-2016-5299]

An attacker can bypass security features via glocation, in order to escalate his privileges. [severity:2/4; CVE-2016-9061]

An attacker can bypass security features via browser.db, in order to obtain sensitive information. [severity:2/4; CVE-2016-9062]

An attacker can bypass the origin check via Bookmark, in order to access to victim's data. [severity:2/4; CVE-2016-9070]

An attacker can bypass security features via windows.create, in order to escalate his privileges. [severity:2/4; CVE-2016-9073]

An attacker can alter displayed information via Select Dropdown Menu, in order to deceive the victim. [severity:2/4; CVE-2016-9076]

An attacker can generate an integer overflow via Expat XML_Parse, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-23211). [severity:1/4; CVE-2016-9063, CVE-2016-9071]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5289]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5290]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat announce impacts software or systems such as Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this computer vulnerability is critical.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 25 vulnerabilities.

An attacker with a expert ability can exploit this cybersecurity alert.

Solutions for this threat 

Mozilla Firefox: version 50.
The version 50 is fixed:
  http://www.mozilla.org/firefox/

Mozilla Firefox: version 45.5.
The version 45.5 is fixed:
  http://www.mozilla.org/firefox/

Thunderbird: version 45.5.
The version 45.5 is fixed:
  https://www.mozilla.org/fr/thunderbird/

Debian: new firefox-esr packages.
New packages are available:
  Debian 7: firefox-esr 45.5.1esr-1~deb7u1
  Debian 8: firefox-esr 45.5.0esr-1~deb8u1

Debian: new icedove packages.
New packages are available:
  Debian 8: icedove 1:45.5.1-1~deb8u1
  Debian 7: icedove 45.5.1-1~deb7u1

Fedora: new firefox packages.
New packages are available:
  Fedora 23: firefox 50.0-1.fc23
  Fedora 24: firefox 50.0-1.fc24

Mozilla SeaMonkey: version 2.46.
The version 2.46 is fixed:
  http://www.seamonkey-project.org/releases/

openSUSE 13.1: new MozillaFirefox / MozillaThunderbird packages.
New packages are available:
  openSUSE 13.1: MozillaFirefox 50.0.2-131.1, MozillaThunderbird 45.5.1-70.92.1, mozilla-nss 3.26.2-94.1

openSUSE: new MozillaFirefox packages.
New packages are available:
  openSUSE 13.2: mozilla-nss 3.26.2-49.1, MozillaFirefox 50.0-88.1
  openSUSE Leap 42.1: mozilla-nss 3.26.2-32.1, MozillaFirefox 50.0-39.1
  openSUSE Leap 42.2: mozilla-nss 3.26.2-32.1, MozillaFirefox 50.0-39.2

RHEL: new firefox packages.
New packages are available:
  RHEL 5: firefox 45.5.0-1.el5_11
  RHEL 6: firefox 45.5.0-1.el6_8
  RHEL 7: firefox 45.5.0-1.el7_3

RHEL: new thunderbird packages.
New packages are available:
  RHEL 5: thunderbird 45.5.0-1.el5_11
  RHEL 6: thunderbird 45.5.0-1.el6_8
  RHEL 7: thunderbird 45.5.0-1.el7_3

Slackware: new mozilla-firefox packages.
New packages are available:
  Slackware 14.1: mozilla-firefox 45.5.0esr-*-1_slack14.1
  Slackware 14.2: mozilla-firefox 45.5.0esr-*-1_slack14.2

Solaris: patch for third party software of October 2016 v4.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

SUSE LE 11: new MozillaFirefox packages.
New packages are available:
  SUSE LE 11 SP3: MozillaFirefox 45.5.1esr-59.1, mozilla-nss 3.21.3-39.1
  SUSE LE 11 SP4: MozillaFirefox 45.5.1esr-59.1, mozilla-nss 3.21.3-39.1
  SUSE LE 11 SP2: MozillaFirefox 45.5.1esr-63.1, mozilla-nss 3.21.3-30.1

SUSE LE 12: new MozillaFirefox packages (06/12/2016).
New packages are available:
  SUSE LE 12 RTM: MozillaFirefox 45.5.0esr-88.1, mozilla-nss 3.21.3-50.1
  SUSE LE 12 SP1: MozillaFirefox 45.5.0esr-88.1, mozilla-nss 3.21.3-50.1
  SUSE LE 12 SP2: MozillaFirefox 45.5.0esr-88.1, mozilla-nss 3.21.3-50.1

SUSE LE 12: new MozillaFirefox packages (31/10/2019).
New packages are available:
  SUSE LE 12 SP1: MozillaFirefox 68.2.0-109.95.2
  SUSE LE 12 SP2: MozillaFirefox 68.2.0-109.95.2
  SUSE LE 12 SP3: MozillaFirefox 68.2.0-109.95.2
  SUSE LE 12 SP4: MozillaFirefox 68.2.0-109.95.2
  SUSE LE 12 SP5: MozillaFirefox 68.2.0-109.95.2

SUSE LE 12: new MozillaThunderbird packages.
New packages are available:
  SUSE LE 12 RTM-SP2: MozillaThunderbird 45.5.1-17.1

Ubuntu: new firefox packages.
New packages are available:
  Ubuntu 16.10: firefox 50.0+build2-0ubuntu0.16.10.2
  Ubuntu 16.04 LTS: firefox 50.0+build2-0ubuntu0.16.04.2
  Ubuntu 14.04 LTS: firefox 50.0+build2-0ubuntu0.14.04.2
  Ubuntu 12.04 LTS: firefox 50.0+build2-0ubuntu0.12.04.2

Ubuntu: new thunderbird packages.
New packages are available:
  Ubuntu 16.10: thunderbird 1:45.5.1+build1-0ubuntu0.16.10.1
  Ubuntu 16.04 LTS: thunderbird 1:45.5.1+build1-0ubuntu0.16.04.1
  Ubuntu 14.04 LTS: thunderbird 1:45.5.1+build1-0ubuntu0.14.04.1
  Ubuntu 12.04 LTS: thunderbird 1:45.5.1+build1-0ubuntu0.12.04.1

Wind River Linux: solution of End-October 2017.
The solution is indicated in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability analysis. The Vigil@nce vulnerability database contains several thousand vulnerabilities.