============================================================================
Ubuntu Security Notice USN-2743-4
October 05, 2015

firefox regression
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-2743-1 introduced a regression in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users
reported problems with bookmark creation and crashes in some
circumstances. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David
 Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup
 discovered multiple memory safety issues in Firefox. If a user were
 tricked in to opening a specially crafted website, an attacker could
 potentially exploit these to cause a denial of service via application
 crash, or execute arbitrary code with the privileges of the user invoking
 Firefox. (CVE-2015-4500, CVE-2015-4501)
 
 Andr=E9 Bargull discovered that when a web page creates a scripted proxy
 for the window with a handler defined a certain way, a reference to the
 inner window will be passed, rather than that of the outer window.
 (CVE-2015-4502)
 
 Felix Gr=F6bert discovered an out-of-bounds read in the QCMS color
 management library in some circumstances. If a user were tricked in to
 opening a specially crafted website, an attacker could potentially exploit
 this to cause a denial of service via application crash, or obtain
 sensitive information. (CVE-2015-4504)
 
 Khalil Zhani discovered a buffer overflow when parsing VP9 content in some
 circumstances. If a user were tricked in to opening a specially crafted
 website, an attacker could potentially exploit this to cause a denial of
 service via application crash, or execute arbitrary code with the
 privileges of the user invoking Firefox. (CVE-2015-4506)
 
 Spandan Veggalam discovered a crash while using the debugger API in some
 circumstances. If a user were tricked in to opening a specially crafted
 website whilst using the debugger, an attacker could potentially exploit
 this to execute arbitrary code with the privileges of the user invoking
 Firefox. (CVE-2015-4507)
 
 Juho Nurminen discovered that the URL bar could display the wrong URL in
 reader mode in some circumstances. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit this to
 conduct URL spoofing attacks. (CVE-2015-4508)
 
 A use-after-free was discovered when manipulating HTML media content in
 some circumstances. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit this to cause a
 denial of service via application crash, or execute arbitrary code with
 the privileges of the user invoking Firefox. (CVE-2015-4509)
 
 Looben Yang discovered a use-after-free when using a shared worker with
 IndexedDB in some circumstances. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit this to
 cause a denial of service via application crash, or execute arbitrary code
 with the privileges of the user invoking Firefox. (CVE-2015-4510)
 
 Francisco Alonso discovered an out-of-bounds read during 2D canvas
 rendering in some circumstances. If a user were tricked in to opening a
 specially crafted website, an attacker could potentially exploit this to
 obtain sensitive information. (CVE-2015-4512)
 
 Jeff Walden discovered that changes could be made to immutable properties
 in some circumstances. If a user were tricked in to opening a specially
 crafted website, an attacker could potentially exploit this to execute
 arbitrary script in a privileged scope. (CVE-2015-4516)
 
 Ronald Crane reported multiple vulnerabilities. If a user were tricked in
 to opening a specially crafted website, an attacker could potentially
 exploit these to cause a denial of service via application crash, or
 execute arbitrary code with the privileges of the user invoking Firefox.
 (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174,
 CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)
 
 Mario Gomes discovered that dragging and dropping an image after a
 redirect exposes the redirected URL to scripts. An attacker could
 potentially exploit this to obtain sensitive information. (CVE-2015-4519)
 
 Ehsan Akhgari discovered 2 issues with CORS preflight requests. An
 attacker could potentially exploit these to bypass CORS restrictions.
 (CVE-2015-4520)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  firefox                         41.0.1+build2-0ubuntu0.15.04.2

Ubuntu 14.04 LTS:
  firefox                         41.0.1+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         41.0.1+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2743-4
  http://www.ubuntu.com/usn/usn-2743-1
  https://launchpad.net/bugs/1501277

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/41.0.1+build2-0ubuntu0.15.04.2
  https://launchpad.net/ubuntu/+source/firefox/41.0.1+build2-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/firefox/41.0.1+build2-0ubuntu0.12.04.1