USN-2185-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-2185-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2185-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2185-1
Related
Published
2014-04-29T19:40:21.565522Z
Modified
2014-04-29T19:40:21.565522Z
Summary
firefox vulnerabilities
Details

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519)

An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522)

Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523)

Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524)

Abhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525)

Jukka Jylänki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528)

Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529)

It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530)

A use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531)

Christian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a machine-in-the-middle attack. (CVE-2014-1492)

Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532)

Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526)

References

Affected packages

Ubuntu:14.04:LTS / firefox

Package

Name
firefox
Purl
pkg:deb/ubuntu/firefox@29.0+build1-0ubuntu0.14.04.2?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
29.0+build1-0ubuntu0.14.04.2

Affected versions

24.*

24.0+build1-0ubuntu1

25.*

25.0+build3-0ubuntu0.13.10.1

28.*

28.0~b2+build1-0ubuntu2
28.0+build1-0ubuntu1
28.0+build2-0ubuntu1
28.0+build2-0ubuntu2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "firefox-locale-nl": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-kn": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-gl": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sv": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-eo": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-fy": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-or": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-lt": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-kk": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-hy": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-km": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-uk": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sr": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ca": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-is": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-dbg": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-testsuite": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ga": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-it": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ja": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-lg": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ms": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-dev": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-mozsymbols": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ko": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-hr": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-mai": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-nb": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-zh-hans": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-vi": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-he": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sw": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-el": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-oc": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-xh": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-nn": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ar": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-csb": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-cs": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-zu": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ro": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-globalmenu": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-af": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-nso": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sk": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-si": "29.0+build1-0ubuntu0.14.04.2",
            "firefox": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-cy": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-fa": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-mn": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sq": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-en": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-tr": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-br": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-et": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ast": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-th": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-da": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-fi": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ku": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ru": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-mk": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-bg": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-hu": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-gu": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-bn": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ml": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-an": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-be": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-eu": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-fr": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-pa": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-as": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ta": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-mr": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-bs": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-te": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-id": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-ka": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-pl": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-gd": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-hi": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-zh-hant": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-lv": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-es": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-de": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-sl": "29.0+build1-0ubuntu0.14.04.2",
            "firefox-locale-pt": "29.0+build1-0ubuntu0.14.04.2"
        }
    ]
}