SB2017061337 - Multiple vulnerabilities in Mozilla Firefox
Published: June 13, 2017 Updated: November 10, 2018
Description
This security bulletin contains information about 30 security vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2017-5472)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error with the frameloader during tree reconstruction while regenerating CSS layout. A remote attacker can use a node in the tree that no longer exists, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
2) Use-after-free error (CVE-ID: CVE-2017-7749)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error when using an incorrect URL during the reloading of a docshell. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Use-after-free error (CVE-ID: CVE-2017-7750)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Use-after-free error (CVE-ID: CVE-2017-7751)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error with content viewer listeners. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Use-after-free error (CVE-ID: CVE-2017-7752)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error during specific user interactions with the input method editor (IME) in some languages, caused by how events are handled. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Out-of-bounds read (CVE-ID: CVE-2017-7754)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to an out-of-bounds read in WebGL. A remote attacker can use a specially crafted ImageInfo object during WebGL operations and read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
7) Insecure DLL library loading (CVE-ID: CVE-2017-7755)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The vulnerability exists due to an insecure .dll loading mechanism when opening files. A remote attacker can place a specially crafted .dll file along with the installer on a remote SMB or WebDAV share, trick the victim into running the installer file from this directory and execute arbitrary code on the target system with privileges of the current victim.
Successful exploitation of the vulnerability may result in system compromise.
8) Use-after-free error (CVE-ID: CVE-2017-7756)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free and use-after-scope error when logging errors from headers for XML HTTP Requests (XHR). A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
9) Use-after-free error (CVE-ID: CVE-2017-7757)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a use-after-free error in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
10) Out-of-bounds write (CVE-ID: CVE-2017-7778)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the Graphite 2 library due to an out-of-bounds write. A remote attacker can execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
11) Out-of-bounds read (CVE-ID: CVE-2017-7771)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Graphite 2 library due to an out-of-bounds read. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
12) Heap-buffer-overflow write (CVE-ID: CVE-2017-7772)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the Graphite 2 library due to a heap-buffer-overflow write. A remote attacker can execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
13) Heap-buffer-overflow write (CVE-ID: CVE-2017-7773)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the Graphite 2 library due to a heap-buffer-overflow write. A remote attacker can execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
14) Out-of-bounds read (CVE-ID: CVE-2017-7774)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Graphite 2 library due to an out-of-bounds read. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
15) Denial of service (CVE-ID: CVE-2017-7775)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Graphite 2 library due to an error in 'size() > n'. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
16) Heap-buffer-overflow read (CVE-ID: CVE-2017-7776)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Graphite 2 library due to a heap-buffer-overflow read. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
17) Denial of service (CVE-ID: CVE-2017-7777)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Graphite 2 library due to use of uninitialized memory. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
18) Out-of-bounds read (CVE-ID: CVE-2017-7758)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to an out-of-bounds read with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. A remote attacker can trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
19) Information disclosure (CVE-ID: CVE-2017-7759)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper application of the same-origin policy. A local attacker can use Android intent URLs given to Firefox for Android to navigate from HTTP or HTTPS URLs to local file: URLs and read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
20) Privilege escalation (CVE-ID: CVE-2017-7760)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The vulnerability exists due to an uncontrolled search path element. A local attacker can pass a special path to the callback parameter through the Mozilla Maintenance Service, manipulate files in the installation directory and gain system privileges.
Successful exploitation of the vulnerability may result in privilege escalation.
21) Insecure DLL library loading (CVE-ID: CVE-2017-7761)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The vulnerability exists in the Mozilla Maintenance Service helper.exe application due to an insecure .dll loading mechanism when opening files. A local attacker can place a specially crafted .dll file along with junction protected files on a remote SMB or WebDAV share, trick the victim into opening a legitimate media file and execute arbitrary code on the target system with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
22) Information disclosure (CVE-ID: CVE-2017-7762)
The vulnerability allows a remote attacker to perform a spoofing attack. The weakness exists because Reader Mode did not strip the username and password section of URLs displayed in the addressbar when they were entered directly. A remote attacker can perform domain spoofing attacks and read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
23) Information disclosure (CVE-ID: CVE-2017-7763)
The vulnerability allows a remote attacker to perform a spoofing attack. The weakness exists because default fonts on OS X display some Tibetan characters as whitespace. A remote attacker can use these characters in the addressbar as part of an IDN to perform domain name spoofing attacks and read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
24) Information disclosure (CVE-ID: CVE-2017-7764)
The vulnerability allows a remote attacker to perform a spoofing attack. The weakness exists because characters from the "Canadian Syllabics" Unicode block mixed with characters from other Unicode blocks are displayed in the addressbar instead of being rendered in their raw "punycode" form. A remote attacker can use character confusion to perform domain name spoofing attacks and read arbitrary files.
Successful exploitation of the vulnerability results in information disclosure.
25) Security bypass (CVE-ID: CVE-2017-7765)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness exists due to incorrect saving of the "Mark of the Web" on Windows when files with very long names are downloaded from the Internet. A remote attacker can trick the victim into downloading a specially crafted file, execute it and bypass "Mark of the Web".
Successful exploitation of the vulnerability may result in further attacks.
26) Privilege escalation (CVE-ID: CVE-2017-7766)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The vulnerability exists in the Mozilla Windows Updater due to improper input validation. A local attacker can use manipulation of updater.ini contents and the Maintenance Service to execute and delete arbitrary files with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
27) Privilege escalation (CVE-ID: CVE-2017-7767)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The vulnerability exists in the Mozilla Maintenance Service on Windows due to improper input validation. A local attacker can overwrite arbitrary files with junk data using the Mozilla Windows Updater and gain system privileges.
Successful exploitation of the vulnerability may result in system compromise.
28) Information disclosure (CVE-ID: CVE-2017-7768)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists in the Mozilla Windows Updater due to improper access control. A local attacker can use the Mozilla Maintenance Service to bypass system protections and read 32 bytes of any arbitrary file on the local system.
Successful exploitation of the vulnerability results in information disclosure.
29) Memory corruption (CVE-ID: CVE-2017-5471)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
30) Memory corruption (CVE-ID: CVE-2017-5470)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.