Red Hat Addresses Critical Firefox Vulnerability

On April 26th, 2016, Red Hat Enterprise Linux 5, 6, and 7, along with the community-supported counterpart CentOS, released a major new Firefox upgrade to address a number of Critical vulnerabilities in the Extended Support Release (ESR) version of Mozilla's browser. The version number jumps to 45 from the current 38. According to the Security Advisory, Mozilla reported the following problem in the Firefox version available for Enterprise Linux distributions (38.8):

"A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)"

Upstream, Mozilla's Security Advisories page for the Extended Support Release (ESR) of Firefox tracks this issue and has relevant links for the different vulnerabilities addressed by this major update.

The corresponding updated source package for RHEL 7 is firefox-45.1.0-1.el7_2.src.rpm.

Buffer Overflow in libstagefright

First, the potential for a web page containing malicious content to crash Firefox is outlined and tracked by Mozilla at https://www.mozilla.org/en-US/security/advisories/mfsa2016-44. Red Hat's advisory page shows a CVSS (Common Vulnerability Scoring System) score of 5.1. According to the short description publicly available:

Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table.


Overflow from Invalid HashMap Entry in JavaScript .watch()

The second High issue addressed with this major update fixes the vulnerability in Firefox ESR that allowed malicious content in a web page to execute code as the user under which the Firefox process runs. This issue was exploitable using the JavaScript .watch() method. Red Hat's advisory page shows a CVSS score of 5.1. Mozilla's Security Advisory page has the following short description of this issue:

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.

Critical Memory Safety Problems

According to the Security Advisory pages for both Red Hat and Mozilla, the various memory safety problems fixed by this release had a Critical impact. Red Hat's advisory page shows a CVSS score of 6.8 for all three of the relevant problems that were still present in Firefox version 38.8 ESR.
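Since the only remediation for all of the issues above is the package update, the practical check on a RHEL 7 or CentOS 7 host is whether the installed firefox RPM is at or above the fixed build named in this advisory. The script below is an added example, not part of Red Hat's advisory or tooling; it assumes the fixed version-release 45.1.0-1.el7_2 taken from the source package name above, and compares version-release strings with GNU `sort -V` (RPM epochs are not considered).

```shell
#!/bin/sh
# Added example: verify the installed Firefox RPM is at or above the fixed build.
# FIXED_VR is the version-release part of firefox-45.1.0-1.el7_2.src.rpm (RHEL 7.2).
FIXED_VR="45.1.0-1.el7_2"

# vr_ge A B -> exit 0 if version-release A is at least B.
# Uses natural "version" sort, which orders 38.8.0-1.el7_2 before 45.1.0-1.el7_2.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# firefox_is_patched VR -> exit 0 if VR is at least FIXED_VR, 1 otherwise.
firefox_is_patched() {
    vr_ge "$1" "$FIXED_VR"
}

# check_installed: query the RPM database (when rpm is available) and report.
# Exit status: 0 patched, 1 update required, 2 could not determine.
check_installed() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; call firefox_is_patched with a version-release string" >&2
        return 2
    fi
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' firefox 2>/dev/null) || {
        echo "firefox is not installed"
        return 2
    }
    if firefox_is_patched "$vr"; then
        echo "firefox $vr: at or above $FIXED_VR (CVE-2016-2805 through CVE-2016-2814 fixed)"
    else
        echo "firefox $vr: older than $FIXED_VR, update required"
        return 1
    fi
}
```

Run `check_installed` on the host, or feed `firefox_is_patched` a version-release string collected from an inventory export when checking many systems offline.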


Additional Resources

