Red Hat Addresses Critical Firefox Vulnerability

On April 26th, 2016, Red Hat 5, 6, and 7 along with its community-supported counterpart CentOS have released a major new Firefox upgrade to address a number of Critical vulnerabilities in the Extend Support Release (ESR) version of Mozilla's browser software.  The version number jumps to 45 from the current 38.  According to the Security Advisory, Mozilla reported that the Firefox version available for Enterprise Linux distributions--i.e. 38.8--could allow
 "A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
(CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)"

Upstream, Mozilla's Security Advosories page for the Extended Support Release (ESR) of Firefox tracks this issue and has some relevant links for the different vulnerabilities addressed by this major update.

firefox-45.1.0-1.el7_2.src.rpm

Buffer Overflow in libstagefright

 First, the potential for a web page containing malicious content to crash firefox is outlined and tracked by mozilla at https://www.mozilla.org/en-US/security/advisories/mfsa2016-44. Red Hat's advisory page shows a Common Vulnerability Score (CVS) of 5.1. According to the short description publicly available:

Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table.


 Overflow from Invalid HashMap Entry in Javascript.watch()

The second High issue addressed with this major update fixes the vulnerability in Firefox ESR that allowed malware content in a web page to execute code as the user under which the Firefox process was run.  This issue was exploitable using the Javascript.watch() method.  Red Hat's advisory page shows a CVS score of 5.1.  Mozilla's Security Advisory page has the following short description about this issue:

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.

 Critical Memory Safety Problems

According to the Security Advisory pages for Red Hat as well as Mozilla, the various memory safety problems that were fixed by this release had a Critical level impact.  Red Hat's advisory page shows a Common Vulnerability Score (CVS) of 6.8 for all three of the relevant problems that were still present in the Firefox version 38.8 ESR.


Additional Resources


Popular posts from this blog

Password Policy in RHEL 7

Centos 7 pulseaudio

EFF Announces Voting Registration Service