usn-2833-1
Vulnerability from osv_ubuntu
Published
2015-12-15 21:49
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7201, CVE-2015-7202)

Ronald Crane discovered three buffer overflows through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)

Cajus Pollmeier discovered a crash during javascript variable assignments in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7204)

Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7205)

It was discovered that it is possible to read cross-origin URLs following a redirect if performance.getEntries() is used with an iframe to host a page. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-7207)

It was discovered that Firefox allows for control characters to be set in cookies. An attacker could potentially exploit this to conduct cookie injection attacks on some web servers. (CVE-2015-7208)

Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7210)

Abdulrahman Alqabandi discovered that hash symbol is incorrectly handled when parsing data: URLs. An attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-7211)

Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7212)

Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7213)

Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files. (CVE-2015-7214)

Masato Kinugawa discovered a cross-origin information leak in error events in web workers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-7215)

Gustavo Grieco discovered that the file chooser crashed on malformed images due to flaws in the Jasper library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-7216, CVE-2015-7217)

Stuart Larsen discoverd two integer underflows when handling malformed HTTP/2 frames in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash. (CVE-2015-7218, CVE-2015-7219)

Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-7222)

Kris Maglione discovered a mechanism where web content could use WebExtension APIs to execute code with the privileges of a particular WebExtension. If a user were tricked in to opening a specially crafted website with a vulnerable extension installed, an attacker could potentially exploit this to obtain sensitive information or conduct cross-site scripting (XSS) attacks. (CVE-2015-7223)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2015-7201",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7202",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7203",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7204",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7205",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7207",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7208",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7210",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7211",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7212",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7213",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7214",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7215",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7216",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7217",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7218",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7219",
              "severity": [
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7220",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7221",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7222",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2015-7223",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "43.0+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "43.0+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "43.0+build1-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "43.0+build1-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@43.0+build1-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "43.0+build1-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1",
        "39.0+build5-0ubuntu0.14.04.1",
        "39.0.3+build2-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.4",
        "40.0.3+build1-0ubuntu0.14.04.1",
        "41.0+build3-0ubuntu0.14.04.1",
        "41.0.1+build2-0ubuntu0.14.04.1",
        "41.0.2+build2-0ubuntu0.14.04.1",
        "42.0+build2-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman,\nEric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty\ndiscovered multiple memory safety issues in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-7201, CVE-2015-7202)\n\nRonald Crane discovered three buffer overflows through code inspection.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-7203, CVE-2015-7220, CVE-2015-7221)\n\nCajus Pollmeier discovered a crash during javascript variable assignments\nin some circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-7204)\n\nRonald Crane discovered a buffer overflow through code inspection. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2015-7205)\n\nIt was discovered that it is possible to read cross-origin URLs following\na redirect if performance.getEntries() is used with an iframe to host a\npage. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to bypass same-origin\nrestrictions. (CVE-2015-7207)\n\nIt was discovered that Firefox allows for control characters to be set in\ncookies. An attacker could potentially exploit this to conduct cookie\ninjection attacks on some web servers. (CVE-2015-7208)\n\nLooben Yang discovered a use-after-free in WebRTC when closing channels in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2015-7210)\n\nAbdulrahman Alqabandi discovered that hash symbol is incorrectly handled\nwhen parsing data: URLs. An attacker could potentially exploit this to\nconduct URL spoofing attacks. (CVE-2015-7211)\n\nAbhishek Arya discovered an integer overflow when allocating large\ntextures. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-7212)\n\nRonald Crane dicovered an integer overflow when processing MP4 format\nvideo in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2015-7213)\n\nTsubasa Iinuma discovered a way to bypass same-origin restrictions using\ndata: and view-source: URLs. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\nobtain sensitive information and read local files. (CVE-2015-7214)\n\nMasato Kinugawa discovered a cross-origin information leak in error events\nin web workers. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2015-7215)\n\nGustavo Grieco discovered that the file chooser crashed on malformed\nimages due to flaws in the Jasper library. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service.\n(CVE-2015-7216, CVE-2015-7217)\n\nStuart Larsen discoverd two integer underflows when handling malformed\nHTTP/2 frames in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit these\nto cause a denial of service via application crash. (CVE-2015-7218,\nCVE-2015-7219)\n\nGerald Squelart discovered an integer underflow in the libstagefright\nlibrary when parsing MP4 format video in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-7222)\n\nKris Maglione discovered a mechanism where web content could use\nWebExtension APIs to execute code with the privileges of a particular\nWebExtension. If a user were tricked in to opening a specially crafted\nwebsite with a vulnerable extension installed, an attacker could\npotentially exploit this to obtain sensitive information or conduct\ncross-site scripting (XSS) attacks. (CVE-2015-7223)\n",
  "id": "USN-2833-1",
  "modified": "2026-04-22T07:36:32Z",
  "published": "2015-12-15T21:49:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2833-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7201"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7202"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7203"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7204"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7205"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7207"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7208"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7210"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7211"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7212"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7213"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7214"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7215"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7216"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7217"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7218"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7219"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7220"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7221"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7222"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2015-7223"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2015-7201",
    "UBUNTU-CVE-2015-7202",
    "UBUNTU-CVE-2015-7203",
    "UBUNTU-CVE-2015-7204",
    "UBUNTU-CVE-2015-7205",
    "UBUNTU-CVE-2015-7207",
    "UBUNTU-CVE-2015-7208",
    "UBUNTU-CVE-2015-7210",
    "UBUNTU-CVE-2015-7211",
    "UBUNTU-CVE-2015-7212",
    "UBUNTU-CVE-2015-7213",
    "UBUNTU-CVE-2015-7214",
    "UBUNTU-CVE-2015-7215",
    "UBUNTU-CVE-2015-7216",
    "UBUNTU-CVE-2015-7217",
    "UBUNTU-CVE-2015-7218",
    "UBUNTU-CVE-2015-7219",
    "UBUNTU-CVE-2015-7220",
    "UBUNTU-CVE-2015-7221",
    "UBUNTU-CVE-2015-7222",
    "UBUNTU-CVE-2015-7223"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…