울지않는벌새 : Security, Movie & Society

업데이트 : Mozilla Firefox 41.0

벌새::Security

모질라(Mozilla) 재단에서 제공하는 오픈 소스 기반 Mozilla Firefox 웹 브라우저가 새로운 기능 추가, 버그(Bug) 수정 및 31건의 보안 취약점 문제를 해결한 Mozilla Firefox 41.0 정식 버전을 업데이트 하였습니다.

  • Enhance IME support on Windows (Vista +) using TSF (Text Services Framework)
  • Ability to set a profile picture for your Firefox Account
  • Firefox Hello now includes instant messaging
  • SVG images can be used as favicons
  • Improved box-shadow rendering performance

이번 버전에서는 Firefox Hello 기능에 Firefox 계정 로그인없이 원하는 사람을 초대하여 대화를 나눌 수 있는 인스턴트 메시징 기능을 추가하였습니다.

 

그 외 자세한 수정 사항에 대해서는 Mozilla Firefox 41.0 Release Note 정보를 참고하시기 바랍니다.

 

보안 취약점과 관련된 업데이트 사항에서는 Critical 등급(4개), High 등급(5개), Moderate 등급(9개), Low 등급(1개)에 대한 19개의 보안 패치가 포함되어 있습니다.

 

Critical 등급

 

(1) MFSA 2015-96 : Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

  • CVE-2015-4500 : Memory safety bugs fixed in Firefox ESR 38.3 and Firefox 41
  • CVE-2015-4501 : Memory safety bugs fixed in Firefox 41

(2) MFSA 2015-104 : Use-after-free with shared workers and IndexedDB

  • CVE-2015-4510 : IDB - Use After Free in WorkerPrivate::NotifyFeatures

(3) MFSA 2015-106 : Use-after-free while manipulating HTML media content

  • CVE-2015-4509 : HTMLVideoElement Use-After-Free Remote Code Execution

(4) MFSA 2015-113 : Memory safety errors in libGLES in the ANGLE graphics library

  • CVE-2015-7178 : Missing bounds check causes memory-safety bug in ProgramBinary::linkAttributes
  • CVE-2015-7179 : Overflow in VertexBufferInterface::reserveVertexSpace causes memory-safety bug

■ High 등급

 

(1) MFSA 2015-100 : Arbitrary file manipulation by local user through Mozilla updater

  • CVE-2015-4505 : Arbitrary file manipulation through updater.exe

(2) MFSA 2015-105 : Buffer overflow while decoding WebM video

  • CVE-2015-4511 : Heap-buffer-overflow due to overflow in nestegg_track_codec_data

(3) MFSA 2015-109 : JavaScript immutable property enforcement can be bypassed

  • CVE-2015-4516 : All property definition must enforce ES5's invariants regarding configurability, writability, etc.

(4) MFSA 2015-111 : Errors in the handling of CORS preflight request headers

  • CVE-2015-4520 : CORS preflight cache poisoning with the credentials flag
  • CORS preflight cache poisoning with a CORS header being mistaken with another CORS header

(5) MFSA 2015-112 : Vulnerabilities found through code inspection

  • CVE-2015-4517 : Memory-safety bugs in NetworkUtils.cpp generally
  • CVE-2015-4521 : Memory-safety bugs in ConvertDialogOptions
  • CVE-2015-4522 : Overflow in nsUnicodeToUTF8::GetMaxLength can create memory-safety bugs in callers
  • CVE-2015-7174 : Overflow in nsAttrAndChildArray::GrowBy causes memory-safety bug
  • CVE-2015-7175 : Overflow in XULContentSinkImpl::AddText causes memory-safety bug
  • CVE-2015-7176 : Bad sscanf argument in AnimationThread overruns stack variable
  • CVE-2015-7177 : Memory-safety bug in InitTextures
  • CVE-2015-7180 : Mishandling return status in ReadbackResultWriterD3D11::Run might cause memory-safety bug

■ Moderate 등급

 

(1) MFSA 2015-97 : Memory leak in mozTCPSocket to servers

  • CVE-2015-4503 : mozTCPSocket leaks client memory to server

(2) MFSA 2015-98 : Out of bounds read in QCMS library with ICC V4 profile attributes

  • CVE-2015-4504 : stack buffer overread in lut_inverse_interp16

(3) MFSA 2015-99 : Site attribute spoofing on Android by pasting URL with unknown scheme

  • CVE-2015-4476 : Custom URI schemes in the location bar can lead to URL & SSL spoofing

(4) MFSA 2015-101 : Buffer overflow in libvpx while parsing vp9 format video

  • CVE-2015-4506 : vp9_init_context_buffers

(5) MFSA 2015-102 : Crash when using debugger with SavedStacks in JavaScript

  • CVE-2015-4507 : Crash due to Assertion failure: getSlotRef(EVAL).isUndefined()

(6) MFSA 2015-107 : Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

  • CVE-2015-4512 : AddressSanitizer READ of size 1364 gfx/2d/DataSurfaceHelpers.cpp

(7) MFSA 2015-108 : Scripted proxies can access inner window

  • CVE-2015-4502 : Receiver passed to proxy get hook is not outerized when proxy is on the window's proto chain

(8) MFSA 2015-110 : Dragging and dropping images exposes final URL after redirects

  • CVE-2015-4519 : Dragging and dropping image to <textbox> pastes final URL of image after redirects

(9) MFSA 2015-114 : Information disclosure via the High Resolution Time API

  • "Spy in the Sandbox" - Security issue related to High Resolution Time API
  • The Spy in the Sandbox -- Practical Cache Attacks in Javascript
  • Fingerprinting individuals via performance.now()

■ Low 등급

 

(1) MFSA 2015-103 : URL spoofing in reader mode

  • CVE-2015-4508 : URL spoofing in reader mode

그러므로 Mozilla Firefox 웹 브라우저 사용자는 자동 업데이트(Firefox 메뉴 열기 → 도움말 메뉴 열기 → Firefox 정보) 기능을 이용하여 최신 버전으로 업데이트한 후 웹 브라우저를 사용하시기 바랍니다.