Bug 977379 - (CVE-2016-2811) VUL-0: CVE-2016-2811, CVE-2016-2812: MozillaFirefox: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)
VUL-0: CVE-2016-2811, CVE-2016-2812: MozillaFirefox: Use-after-free and buffe...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
All openSUSE 42.1
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
Depends on: 977333
  Show dependency treegraph
Reported: 2016-04-27 08:45 UTC by Andreas Stieger
Modified: 2020-04-05 18:21 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-04-27 08:45:09 UTC

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer.

The first of these is a use-after-free vulnerability caused by a ServiceWorkerInfo object being kept active beyond the life its owning registration. When it is later called through this registration, a use-after-free results.

In the second issue, a race condition leading to a buffer overflow was found in the ServiceWorkerManager. This leads to a potentially exploitable crash when triggered. 

Service Worker - Use After Free in BeginReading() (CVE-2016-2811)

Service Worker - Buffer overflow in get() (CVE-2016-2812)

Affects openSUSE only.
Comment 1 Swamp Workflow Management 2016-04-27 22:01:17 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-04-30 08:00:55 UTC
This is an autogenerated message for OBS integration:
This bug (977379) was mentioned in
https://build.opensuse.org/request/show/392977 Factory / MozillaFirefox
https://build.opensuse.org/request/show/392978 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/392979 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/392980 13.1 / MozillaFirefox
Comment 3 Andreas Stieger 2016-04-30 10:21:27 UTC
openSUSE submitted, updates running
Comment 4 Bernhard Wiedemann 2016-05-04 06:00:42 UTC
This is an autogenerated message for OBS integration:
This bug (977379) was mentioned in
https://build.opensuse.org/request/show/393514 Factory / MozillaFirefox
Comment 5 Swamp Workflow Management 2016-05-04 13:09:28 UTC
openSUSE-SU-2016:1211-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977333,977373,977375,977376,977379,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2811,CVE-2016-2812,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-46.0-21.1, mozilla-nss-3.22.3-15.2
openSUSE 13.2 (src):    MozillaFirefox-46.0-68.1, mozilla-nss-3.22.3-31.1
Comment 6 Andreas Stieger 2016-05-04 13:20:25 UTC
Closing bugs exclusive to openSUSE as fixed.
Comment 7 Swamp Workflow Management 2016-05-06 14:08:45 UTC
openSUSE-SU-2016:1251-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 977333,977373,977375,977376,977377,977378,977379,977380,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2809,CVE-2016-2810,CVE-2016-2811,CVE-2016-2812,CVE-2016-2813,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-46.0-113.2, mozilla-nss-3.22.3-77.1