{"id":"USN-2458-3","summary":"firefox regression","details":"USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a\nregression which could make websites that use CSP fail to load under some\ncircumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse\n Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered\n multiple memory safety issues in Firefox. If a user were tricked in to\n opening a specially crafted website, an attacker could potentially exploit\n these to cause a denial of service via application crash, or execute\n arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2014-8634, CVE-2014-8635)\n \n Bobby Holley discovered that some DOM objects with certain properties\n can bypass XrayWrappers in some circumstances. If a user were tricked in\n to opening a specially crafted website, an attacker could potentially\n exploit this to bypass security restrictions. (CVE-2014-8636)\n \n Michal Zalewski discovered a use of uninitialized memory when rendering\n malformed bitmap images on a canvas element. If a user were tricked in to\n opening a specially crafted website, an attacker could potentially\n exploit this to steal confidential information. (CVE-2014-8637)\n \n Muneaki Nishimura discovered that requests from navigator.sendBeacon()\n lack an origin header. If a user were tricked in to opening a specially\n crafted website, an attacker could potentially exploit this to conduct\n cross-site request forgery (XSRF) attacks. (CVE-2014-8638)\n \n Xiaofeng Zheng discovered that a web proxy returning a 407 response\n could inject cookies in to the originally requested domain. If a user\n connected to a malicious web proxy, an attacker could potentially exploit\n this to conduct session-fixation attacks. (CVE-2014-8639)\n \n Holger Fuhrmannek discovered a crash in Web Audio while manipulating\n timelines. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2014-8640)\n \n Mitchell Harper discovered a use-after-free in WebRTC. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2014-8641)\n \n Brian Smith discovered that OCSP responses would fail to verify if signed\n by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck\n extension, potentially allowing a user to connect to a site with a revoked\n certificate. (CVE-2014-8642)\n","modified":"2026-04-22T09:05:22.026127Z","published":"2015-01-27T12:13:56Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2458-3"},{"type":"REPORT","url":"https://launchpad.net/bugs/1419934"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@35.0.1+build1-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"35.0.1+build1-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"35.0.1+build1-0ubuntu0.14.04.1","binary_name":"firefox"},{"binary_version":"35.0.1+build1-0ubuntu0.14.04.1","binary_name":"firefox-globalmenu"},{"binary_version":"35.0.1+build1-0ubuntu0.14.04.1","binary_name":"firefox-mozsymbols"},{"binary_version":"35.0.1+build1-0ubuntu0.14.04.1","binary_name":"firefox-testsuite"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2458-3.json"}}],"schema_version":"1.7.5"}