{"id":"USN-2917-3","summary":"firefox regressions","details":"USN-2917-1 fixed vulnerabilities in Firefox. This update caused several\nweb compatibility regressions.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1950)\n \n Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\n Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\n Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple\n memory safety issues in Firefox. If a user were tricked in to opening a\n specially crafted website, an attacker could potentially exploit these to\n cause a denial of service via application crash, or execute arbitrary code\n with the privileges of the user invoking Firefox. (CVE-2016-1952,\n CVE-2016-1953)\n \n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website with addon signing disabled and unpacked addons installed,\n an attacker could potentially exploit this to gain additional privileges.\n (CVE-2016-1954)\n \n Muneaki Nishimura discovered that CSP violation reports contained full\n paths for cross-origin iframe navigations. An attacker could potentially\n exploit this to steal confidential data. (CVE-2016-1955)\n \n Ucha Gobejishvili discovered that performing certain WebGL operations\n resulted in memory resource exhaustion with some Intel GPUs, requiring\n a reboot. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2016-1956)\n \n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n memory exhaustion. (CVE-2016-1957)\n \n Abdulrahman Alqabandi discovered that the addressbar could be blank or\n filled with page defined content in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n \n Looben Yang discovered an out-of-bounds read in Service Worker Manager. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1959)\n \n A use-after-free was discovered in the HTML5 string parser. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1960)\n \n A use-after-free was discovered in the SetBody function of HTMLDocument.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1961)\n \n Dominique Hazaël-Massieux discovered a use-after-free when using multiple\n WebRTC data channels. If a user were tricked in to opening a specially\n crafted website, an attacker could potentially exploit this to cause a\n denial of service via application crash, or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2016-1962)\n \n It was discovered that Firefox crashes when local files are modified\n whilst being read by the FileReader API. If a user were tricked in to\n opening a specially crafted website, an attacker could potentially exploit\n this to execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1963)\n \n Nicolas Grégoire discovered a use-after-free during XML transformations.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1964)\n \n Tsubasa Iinuma discovered a mechanism to cause the addressbar to display\n an incorrect URL, using history navigations and the Location protocol\n property. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to conduct URL\n spoofing attacks. (CVE-2016-1965)\n \n A memory corruption issues was discovered in the NPAPI subsystem. If\n a user were tricked in to opening a specially crafted website with a\n malicious plugin installed, an attacker could potentially exploit this\n to cause a denial of service via application crash, or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2016-1966)\n \n Jordi Chancel discovered a same-origin-policy bypass when using\n performance.getEntries and history navigation with session restore. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to steal confidential data. (CVE-2016-1967)\n \n Luke Li discovered a buffer overflow during Brotli decompression in some\n circumstances. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial of\n service via application crash, or execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2016-1968)\n \n Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC.\n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1973)\n \n Ronald Crane discovered an out-of-bounds read following a failed\n allocation in the HTML parser in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1974)\n \n Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\n memory safety issues in the Graphite 2 library. If a user were tricked in\n to opening a specially crafted website, an attacker could potentially\n exploit these to cause a denial of service via application crash, or\n execute arbitrary code with the privileges of the user invoking Firefox.\n (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\n CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n","modified":"2026-02-10T04:40:57Z","published":"2016-04-19T14:24:51Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2917-3"},{"type":"REPORT","url":"https://launchpad.net/bugs/1572169"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@45.0.2+build1-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.0.2+build1-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1","37.0+build2-0ubuntu0.14.04.1","37.0.1+build1-0ubuntu0.14.04.1","37.0.2+build1-0ubuntu0.14.04.1","38.0+build3-0ubuntu0.14.04.1","39.0+build5-0ubuntu0.14.04.1","39.0.3+build2-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.4","40.0.3+build1-0ubuntu0.14.04.1","41.0+build3-0ubuntu0.14.04.1","41.0.1+build2-0ubuntu0.14.04.1","41.0.2+build2-0ubuntu0.14.04.1","42.0+build2-0ubuntu0.14.04.1","43.0+build1-0ubuntu0.14.04.1","43.0.4+build3-0ubuntu0.14.04.1","44.0+build3-0ubuntu0.14.04.1","44.0.1+build2-0ubuntu0.14.04.1","44.0.2+build1-0ubuntu0.14.04.1","45.0+build2-0ubuntu0.14.04.1","45.0.1+build1-0ubuntu0.14.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"45.0.2+build1-0ubuntu0.14.04.1","binary_name":"firefox"},{"binary_version":"45.0.2+build1-0ubuntu0.14.04.1","binary_name":"firefox-dev"},{"binary_version":"45.0.2+build1-0ubuntu0.14.04.1","binary_name":"firefox-globalmenu"},{"binary_version":"45.0.2+build1-0ubuntu0.14.04.1","binary_name":"firefox-mozsymbols"},{"binary_version":"45.0.2+build1-0ubuntu0.14.04.1","binary_name":"firefox-testsuite"}]},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2917-3.json"}}],"schema_version":"1.7.3"}