{"id":"USN-2505-1","summary":"firefox vulnerabilities","details":"Matthew Noorenberghe discovered that Mozilla domains in the allowlist\ncould make UITour API calls from background tabs. If one of these domains\nwere compromised and open in a background tab, an attacker could \npotentially exploit this to conduct clickjacking attacks. (CVE-2015-0819)\n\nJan de Mooij discovered an issue that affects content using the Caja\nCompiler. If web content loads specially crafted code, this could be used\nto bypass sandboxing security measures provided by Caja. (CVE-2015-0820)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse\nand key combinations could allow a Chrome privileged URL to be opened\nwithout context restrictions being preserved. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to bypass security restrictions. (CVE-2015-0821)\n\nArmin Razmdjou discovered that contents of locally readable files could\nbe made available via manipulation of form autocomplete in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2015-0822)\n\nAtte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS)\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash. (CVE-2015-0823)\n\nAtte Kettunen discovered a crash when drawing images using Cairo in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice. (CVE-2015-0824)\n\nAtte Kettunen discovered a buffer underflow during playback of MP3 files\nin some circumstances. 
If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to obtain\nsensitive information. (CVE-2015-0825)\n\nAtte Kettunen discovered a buffer overflow during CSS restyling in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-0826)\n\nAbhishek Arya discovered an out-of-bounds read and write when rendering\nSVG content in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this\nto obtain sensitive information. (CVE-2015-0827)\n\nA buffer overflow was discovered in libstagefright during video playback\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-0829)\n\nDaniele Di Proietto discovered that WebGL could cause a crash in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice. (CVE-2015-0830)\n\nPaul Bandha discovered a use-after-free in IndexedDB. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0831)\n\nMuneaki Nishimura discovered that a period appended to a hostname could\nbypass key pinning and HSTS in some circumstances. 
A remote attacker could\npotentially exploit this to conduct a Machine-in-the-middle (MITM) attack.\n(CVE-2015-0832)\n\nAlexander Kolesnik discovered that Firefox would attempt plaintext\nconnections to servers when handling turns: and stuns: URIs. A remote\nattacker could potentially exploit this by conducting a Machine-in-the-middle\n(MITM) attack in order to obtain credentials. (CVE-2015-0834)\n\nCarsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron\nCampen, Tom Schuster, Ryan VanderMeulen, Christian Holler, Jesse Ruderman,\nRandell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0835, CVE-2015-0836)\n","modified":"2026-04-22T09:08:16.554752Z","published":"2015-02-25T21:53:16Z","related":["UBUNTU-CVE-2015-0819","UBUNTU-CVE-2015-0820","UBUNTU-CVE-2015-0821","UBUNTU-CVE-2015-0822","UBUNTU-CVE-2015-0823","UBUNTU-CVE-2015-0824","UBUNTU-CVE-2015-0825","UBUNTU-CVE-2015-0826","UBUNTU-CVE-2015-0827","UBUNTU-CVE-2015-0829","UBUNTU-CVE-2015-0830","UBUNTU-CVE-2015-0831","UBUNTU-CVE-2015-0832","UBUNTU-CVE-2015-0834","UBUNTU-CVE-2015-0835","UBUNTU-CVE-2015-0836"],"upstream":["CVE-2015-0819","CVE-2015-0820","CVE-2015-0821","CVE-2015-0822","CVE-2015-0823","CVE-2015-0824","CVE-2015-0825","CVE-2015-0826","CVE-2015-0827","CVE-2015-0829","CVE-2015-0830","CVE-2015-0831","CVE-2015-0832","CVE-2015-0834","CVE-2015-0835","CVE-2015-0836","UBUNTU-CVE-2015-0819","UBUNTU-CVE-2015-0820","UBUNTU-CVE-2015-0821","UBUNTU-CVE-2015-0822","UBUNTU-CVE-2015-0823","UBUNTU-CVE-2015-0824","UBUNTU-CVE-2015-0825","UBUNTU-CVE-2015-0826","UBUNTU-CVE-2015-0827","UBUNTU-CVE-2015-0829","UBUNTU-CVE-2015-0830","UBUNTU-CVE-2015-0831","UBUNTU-CVE-2015-0832","UBUNTU-CVE-2015-0834","UBU
NTU-CVE-2015-0835","UBUNTU-CVE-2015-0836"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2505-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0819"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0820"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0821"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0822"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0823"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0824"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0825"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0826"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0827"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0829"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0832"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0834"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0836"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@36.0+build2-0ubuntu0.14.04.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"36.0+build2-0ubuntu0.14.04.4"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"36.0+build2-0ubuntu0.14.04.4","binary_name":"firefox"},{"binary_version":"36.0+build2-0ubuntu0.14.04.4","binary_name":"firefox-globalmenu"},{"binary_version":"36.0+build2-0ubuntu0.14.04.4","binary_name":"firefox-mozsymbols"},{"binary_version":"36.0+build2-0ubuntu0.14.04.4","binary_name":"firefox-testsuite"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2505-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0819"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0820"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0821"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0822"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-0823"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-0824"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0825"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0826"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0827"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0829"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0830"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0831"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0832"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0834"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0835"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-0836"}]}}}],"schema_version":"1.7.5"}