울지않는벌새 : Security, Movie & Society

Update: Mozilla Firefox 45.0

The Mozilla Foundation's open-source Mozilla Firefox web browser has been updated to the official Mozilla Firefox 45.0 release, which adds new features, fixes bugs, and resolves 40 new security vulnerabilities.

  • Instant browser tab sharing through Hello
  • Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
  • Synced Tabs button in button bar
  • Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
  • Guarani [gn] locale added

This update provides the "network.dns.blockDotOnion" option, which makes it possible to access .onion domains that are blocked at the DNS level.

It also adds the ability to invite other people through Firefox Hello and to share tabs synced from other devices.

For details of the other changes, please refer to the Mozilla Firefox 45.0 Release Notes.

The security update includes 22 security patches: 8 rated Critical, 7 rated High, 6 rated Moderate, and 1 rated Low.

■ Critical severity

(1) MFSA 2016-16 : Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)

  • CVE-2016-1952 : Memory safety bugs fixed in Firefox ESR 38.7 and Firefox 45
  • CVE-2016-1953 : Memory safety bugs fixed in Firefox 45

(2) MFSA 2016-22 : Service Worker Manager out-of-bounds read in Service Worker Manager

  • CVE-2016-1959 : Service Worker - Memory corruption in ServiceWorkerManager

(3) MFSA 2016-23 : Use-after-free in HTML5 string parser

  • CVE-2016-1960 : ZDI-CAN-3545: Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability

(4) MFSA 2016-24 : Use-after-free in SetBody

  • CVE-2016-1961 : ZDI-CAN-3574: nsHTMLDocument SetBody Use-After-Free RCE

(5) MFSA 2016-25 : Use-after-free when using multiple WebRTC data channels

  • CVE-2016-1962 : Second datachannel with id crashes in PR_Unlock | mozilla::DataChannelConnection::Close after navigation

(6) MFSA 2016-27 : Use-after-free during XML transformations

  • CVE-2016-1964 : Write AV near NULL in AtomicBaseIncDec() / Heap UAF

(7) MFSA 2016-35 : Buffer overflow during ASN.1 decoding in NSS

  • CVE-2016-1950 : NSS Heap buffer overflow vulnerability in ASN1 certificate parsing

(8) MFSA 2016-37 : Font vulnerabilities in the Graphite 2 library

  • CVE-2016-1977 : Graphite2 Machine::Code::decoder::analysis::set_ref stack out of bounds bit set
  • CVE-2016-2790 : Use of uninitialised memory in [@graphite2::TtfUtil::GetTableInfo]
  • CVE-2016-2791 : graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::glyph]
  • CVE-2016-2792 : graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:232
  • CVE-2016-2793 : graphite2: heap-buffer-overflow read in CachedCmap.cpp
  • CVE-2016-2794 : graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12NextCodepoint]
  • CVE-2016-2795 : Use of uninitialised memory in [@graphite2::FileFace::get_table_fn]
  • CVE-2016-2796 : graphite2: heap-buffer-overflow write in [@graphite2::vm::Machine::Code::Code]
  • CVE-2016-2797 : graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup]
  • CVE-2016-2798 : graphite2: heap-buffer-overflow read in [@graphite2::GlyphCache::Loader::Loader]
  • CVE-2016-2799 : graphite2: heap-buffer-overflow write in [@graphite2::Slot::setAttr]
  • CVE-2016-2800 : graphite2: heap-buffer-overflow read in [@graphite2::Slot::getAttr] Slot.cpp:234
  • CVE-2016-2801 : graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable12Lookup] TtfUtil.cpp:1126
  • CVE-2016-2802 : graphite2: heap-buffer-overflow read in [@graphite2::TtfUtil::CmapSubtable4NextCodepoint]

■ High severity

(1) MFSA 2016-17 : Local file overwriting and potential privilege escalation through CSP reports

  • CVE-2016-1954 : CSP's report-uri (over-)writes files

(2) MFSA 2016-29 : Same-origin policy violation using performance.getEntries and history navigation with session restore

  • CVE-2016-1967 : Stealing of URL cross-domain using performance.getEntries() after restore previous session

(3) MFSA 2016-30 : Buffer overflow in Brotli decompression

  • CVE-2016-1968 : Buffer overflow in Brotli decompression

(4) MFSA 2016-31 : Memory corruption with malicious NPAPI plugin

  • CVE-2016-1966 : Exploitable plugin crash

(5) MFSA 2016-33 : Use-after-free in GetStaticInstance in WebRTC

  • CVE-2016-1973 : Race condition in GetStaticInstance can cause use after free

(6) MFSA 2016-34 : Out-of-bounds read in HTML parser following a failed allocation

  • CVE-2016-1974 : Lack of status return from nsScannerString::AppendUnicodeTo causes out-of-bounds read in AppendErrorPointer

(7) MFSA 2016-36 : Use-after-free during processing of DER encoded keys in NSS

  • CVE-2016-1979 : use-after-poison in PK11_ImportDERPrivateKeyInfoAndReturnKey()

■ Moderate severity

(1) MFSA 2016-18 : CSP reports fail to strip location information for embedded iframe pages

  • CVE-2016-1955 : Firefox leaks URL invoked by other origins via CSP violation reports

(2) MFSA 2016-19 : Linux video memory DOS with Intel drivers

  • CVE-2016-1956 : Possible stack corruption with WebGL shaders

(3) MFSA 2016-21 : Displayed page address can be overridden

  • CVE-2016-1958 : Show about:blank using javascript URI scheme

(4) MFSA 2016-26 : Memory corruption when modifying a file being read by FileReader

  • CVE-2016-1963 : Firefox crashes when modifying a file read by FileReader through file input

(5) MFSA 2016-28 : Addressbar spoofing though history navigation and Location protocol property

  • CVE-2016-1965 : address bar spoofing using location.protocol and history.back

(6) MFSA 2016-32 : WebRTC and LibVPX vulnerabilities found through code inspection

  • CVE-2016-1970 : Underflow in srtp_unprotect could cause memory-safety bug
  • CVE-2016-1971 : Missing status check in I420VideoFrame::CreateFrame creates memory-safety bug
  • CVE-2016-1972 : Race condition in |once| can cause use after free
  • CVE-2016-1975 : Potential race conditions around block-level statics cause memory-safety bugs
  • CVE-2016-1976 : DesktopDisplayDevice::operator= uses members after delete on self-assignment

■ Low severity

(1) MFSA 2016-20 : Memory leak in libstagefright when deleting an array during MP4 processing

  • CVE-2016-1957 : stagefright delete array

Mozilla Firefox users should therefore update to the latest version with the automatic update feature (Open menu → Open Help menu → About Firefox) before continuing to use the browser.