CERT RENATER
Contact us
- Email: cert@support.renater.fr
- Web: CERT pages
- Tel: 01.53.94.20.44
- Fax: 01.53.94.20.31
====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN226
_____________________________________________________________________

DATE                : 15/10/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Firefox versions prior to 33, ESR 31.2,
                      Thunderbird versions prior to 31.2.

======================================================================
https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
https://www.mozilla.org/security/announce/2014/mfsa2014-75.html
https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
https://www.mozilla.org/security/announce/2014/mfsa2014-79.html
https://www.mozilla.org/security/announce/2014/mfsa2014-80.html
https://www.mozilla.org/security/announce/2014/mfsa2014-81.html
https://www.mozilla.org/security/announce/2014/mfsa2014-82.html
______________________________________________________________________

Mozilla Foundation Security Advisory 2014-74

Title:     Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
Impact:    Critical
Announced: October 14, 2014
Reporter:  Mozilla Developers
Products:  Firefox, Thunderbird

Fixed in:  Firefox 33
           Firefox ESR 31.2
           Thunderbird 31.2

Description

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References

Bobby Holley, Christian Holler, David Bolter, Byron Campen, and Jon Coppeard reported memory safety problems and crashes that affect Firefox ESR 31.1 and Firefox 32.

  Memory safety bugs fixed in Firefox ESR 31.2 and Firefox 33 (CVE-2014-1574)

Carsten Book, Christian Holler, Martijn Wargers, Shih-Chiang Chien, Terrence Cole, Eric Rahm, and Jeff Walden reported memory safety problems and crashes that affect Firefox 32.

  Memory safety bugs fixed in Firefox 33. (CVE-2014-1575)

______________________________________________________________________

Mozilla Foundation Security Advisory 2014-75

Title:     Buffer overflow during CSS manipulation
Impact:    High
Announced: October 14, 2014
Reporter:  Atte Kettunen
Products:  Firefox, Thunderbird

Fixed in:  Firefox 33
           Firefox ESR 31.2
           Thunderbird 31.2

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable.

References

  Heap-buffer-overflow in nsTransformedTextRun (CVE-2014-1576)

______________________________________________________________________

Mozilla Foundation Security Advisory 2014-76

Title:     Web Audio memory corruption issues with custom waveforms
Impact:    High
Announced: October 14, 2014
Reporter:  Holger Fuhrmannek
Products:  Firefox, Thunderbird

Fixed in:  Firefox 33
           Firefox ESR 31.2
           Thunderbird 31.2

Description

Security researcher Holger Fuhrmannek used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data, or of memory addresses that could be used in combination with another bug.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References

  Out-of-Bounds Read in mozilla::dom::OscillatorNodeEngine::ComputeCustom with negative frequency (CVE-2014-1577)

______________________________________________________________________

Mozilla Foundation Security Advisory 2014-77

Title:     Out-of-bounds write with WebM video
Impact:    Critical
Announced: October 14, 2014
Reporter:  Abhishek Arya
Products:  Firefox, Thunderbird

Fixed in:  Firefox 33
           Firefox ESR 31.2
           Thunderbird 31.2

Description

Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References

  OOB write in get_tile (CVE-2014-1578)

______________________________________________________________________

Mozilla Foundation Security Advisory 2014-78

Title:     Further uninitialized memory use during GIF rendering
Impact:    High
Announced: October 14, 2014
Reporter:  Michal Zalewski
Products:  Firefox

Fixed in:  Firefox 33

Description

Google security researcher Michal Zalewski reported that when a malformed GIF image is repeatedly rendered within a