SB2017081617 - Ubuntu update for Ubufox 




Published: August 16, 2017

Security Bulletin ID: SB2017081617
Severity: High
Patch available: YES
Number of vulnerabilities: 25
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 48%, Low: 52%

Description

This security bulletin contains information about 25 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2017-7753)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read when applying style rules to pseudo-elements, such as ::first-line, using cached style data. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and read arbitrary files on the system.

Successful exploitation of the vulnerability results in information disclosure.

2) Memory corruption (CVE-ID: CVE-2017-7779)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

3) Memory corruption (CVE-ID: CVE-2017-7780)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

4) Man-in-the-middle attack (CVE-ID: CVE-2017-7781)

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to an elliptic curve point addition error when using mixed Jacobian-affine coordinates. A remote attacker can trick the victim into visiting a specially crafted website and use man-in-the-middle techniques to interfere with a connection and compute an incorrect shared secret.

5) Denial of service (CVE-ID: CVE-2017-7783)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website containing a specially crafted username and password combination, trigger a modal prompt and cause the browser to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Use-after-free error (CVE-ID: CVE-2017-7784)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when reading an image observer during frame reconstruction after the observer has been freed. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

7) Buffer overflow (CVE-ID: CVE-2017-7785)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

8) Buffer overflow (CVE-ID: CVE-2017-7786)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow when the image renderer attempts to paint non-displayable SVG elements. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

9) Information disclosure (CVE-ID: CVE-2017-7787)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access controls. A remote attacker can trick the victim into visiting a specially crafted website, bypass same-origin policy protections on pages with embedded iframes during page reloads and access content on the top level page.

Successful exploitation of the vulnerability results in information disclosure.

10) Security restrictions bypass (CVE-ID: CVE-2017-7788)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient same-origin policies. A remote attacker can trick the victim into visiting a specially crafted website, use a compromised content process and bypass Content Security Policy (CSP) for sandboxed 'about:srcdoc' iframes.

11) Security restrictions bypass (CVE-ID: CVE-2017-7789)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient same-origin policies. A remote attacker can trick the victim into visiting a specially crafted website, trigger the server to send two Strict-Transport-Security (STS) headers for a single connection and cause HTTP Strict Transport Security (HSTS) to fail to be enabled for the connection.

12) Spoofing attack (CVE-ID: CVE-2017-7791)

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website and use iframe content and the 'data:' protocol to spoof the origin of a modal alert.

13) Buffer overflow (CVE-ID: CVE-2017-7792)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

14) Security restrictions bypass (CVE-ID: CVE-2017-7794)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website, use a compromised content process and cause the sandbox broker to truncate files on Linux-based systems.

15) Security restrictions bypass (CVE-ID: CVE-2017-7797)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website and bypass same-origin restrictions in processing stored header names.

16) Improper input validation (CVE-ID: CVE-2017-7798)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper sanitization of the web page source code. A remote attacker can trick the victim into visiting a specially crafted website with the style editor tool, trigger a XUL injection flaw in the Developer Tools feature and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

17) Self-XSS (CVE-ID: CVE-2017-7799)

The vulnerability allows a remote attacker to conduct a self-XSS attack.

The weakness exists because JavaScript in the about:webrtc page is not sanitized properly before being assigned to innerHTML. A remote attacker can inject and execute malicious script in a victim's Web browser within the security context of the hosting Web site to steal the victim's cookie-based authentication credentials.

18) Use-after-free error (CVE-ID: CVE-2017-7800)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in WebSockets when the object holding the connection is freed before the disconnection operation is finished. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

19) Use-after-free error (CVE-ID: CVE-2017-7801)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when recomputing layout for a marquee element during window resizing. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

20) Use-after-free error (CVE-ID: CVE-2017-7802)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when manipulating the DOM during the resize event of an image element. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

21) Security restrictions bypass (CVE-ID: CVE-2017-7803)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to content security policy (CSP) directives being ignored. A remote attacker can trick the victim into visiting a specially crafted website and cause the incorrect enforcement of CSP.

22) Use-after-free error (CVE-ID: CVE-2017-7806)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when the layer manager is freed too early when rendering specific SVG content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

23) Domain hijacking (CVE-ID: CVE-2017-7807)

The vulnerability allows a remote attacker to hijack the domain on the target system.

The weakness exists due to improper access controls. A remote attacker can trick the victim into visiting a specially crafted website, invoke AppCache and hijack a URL in a domain.

24) Information disclosure (CVE-ID: CVE-2017-7808)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a cross-origin information leak. A remote attacker can trick the victim into visiting a specially crafted website and use a content security policy (CSP) frame-ancestors directive to gain access to arbitrary files.

Successful exploitation of the vulnerability results in information disclosure.

25) Use-after-free error (CVE-ID: CVE-2017-7809)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the update from the vendor's website.