AVG-24

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 48.0.2-1
Fixed 49.0-1
Current 60.0.2-1 [extra]
Ticket None
Created Tue Sep 20 21:44:37 2016
Issue Severity Remote Type Description
CVE-2016-5284 High Yes Certificate verification bypass
Due to flaws in the process used to update "Preloaded Public Key Pinning", the pinning for add-on updates became ineffective in early September. An attacker...
CVE-2016-5283 High Yes Information disclosure
A timing attack vulnerability was discovered using iframes to potentially reveal private cross-origin data using document resizes and link colors.
CVE-2016-5282 Medium Yes Access restriction bypass
Favicons can be loaded through non-whitelisted protocols, such as jar.
CVE-2016-5281 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the DOMSVGLength when manipulating SVG format content through a script.
CVE-2016-5280 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function when changing text direction.
CVE-2016-5279 Medium Yes Information disclosure
The full path to local files is available to scripts when local files are dragged and dropped into Firefox.
CVE-2016-5278 Critical Yes Arbitrary code execution
A potentially exploitable crash caused by a heap-based buffer overflow has been discovered in the nsBMPEncoder::AddImageFrame function while encoding image...
CVE-2016-5277 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsRefreshDriver::Tick function with web animations when destroying a timeline.
CVE-2016-5276 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the mozilla::a11y::DocAccessible::ProcessInvalidationList function triggered by setting an aria-owns attribute.
CVE-2016-5275 Critical Yes Arbitrary code execution
A buffer overflow vulnerability has been discovered in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function when working with empty filters...
CVE-2016-5274 High Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the nsFrameManager::CaptureFrameState function in web animations during restyling.
CVE-2016-5273 Critical Yes Arbitrary code execution
A potentially exploitable crash in accessibility in the mozilla::a11y::HyperTextAccessible::GetChildOffset function.
CVE-2016-5272 Critical Yes Arbitrary code execution
A bad cast when processing layout with input elements can result in a potentially exploitable crash.
CVE-2016-5271 Low Yes Information disclosure
An out-of-bounds read during the processing of text runs in some pages using display:contents.
CVE-2016-5270 High Yes Arbitrary code execution
An out-of-bounds write of a boolean value during text conversion with some Unicode characters.
CVE-2016-5257 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and...
CVE-2016-5256 Critical Yes Arbitrary code execution
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs...
Date Advisory Package Description
22 Sep 2016 ASA-201609-22 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/