First Last Prev Next    This bug is not in your last search results.
Bug 977379 - (CVE-2016-2811) VUL-0: CVE-2016-2811, CVE-2016-2812: MozillaFirefox: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)
(CVE-2016-2811)
VUL-0: CVE-2016-2811, CVE-2016-2812: MozillaFirefox: Use-after-free and buffe...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All openSUSE 42.1
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on: 977333
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-27 08:45 UTC by Andreas Stieger
Modified: 2020-04-05 18:21 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-04-27 08:45:09 UTC 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer.

The first of these is a use-after-free vulnerability caused by a ServiceWorkerInfo object being kept active beyond the life its owning registration. When it is later called through this registration, a use-after-free results.

In the second issue, a race condition leading to a buffer overflow was found in the ServiceWorkerManager. This leads to a potentially exploitable crash when triggered. 

Service Worker - Use After Free in BeginReading() (CVE-2016-2811)
https://bugzilla.mozilla.org/show_bug.cgi?id=1252330

Service Worker - Buffer overflow in get() (CVE-2016-2812)
https://bugzilla.mozilla.org/show_bug.cgi?id=1261776

Affects openSUSE only.
Comment 1 Swamp Workflow Management 2016-04-27 22:01:17 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-04-30 08:00:55 UTC 
This is an autogenerated message for OBS integration:
This bug (977379) was mentioned in
https://build.opensuse.org/request/show/392977 Factory / MozillaFirefox
https://build.opensuse.org/request/show/392978 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/392979 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/392980 13.1 / MozillaFirefox
Comment 3 Andreas Stieger 2016-04-30 10:21:27 UTC 
openSUSE submitted, updates running
Comment 4 Bernhard Wiedemann 2016-05-04 06:00:42 UTC 
This is an autogenerated message for OBS integration:
This bug (977379) was mentioned in
https://build.opensuse.org/request/show/393514 Factory / MozillaFirefox
Comment 5 Swamp Workflow Management 2016-05-04 13:09:28 UTC 
openSUSE-SU-2016:1211-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977333,977373,977375,977376,977379,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2811,CVE-2016-2812,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-46.0-21.1, mozilla-nss-3.22.3-15.2
openSUSE 13.2 (src):    MozillaFirefox-46.0-68.1, mozilla-nss-3.22.3-31.1
Comment 6 Andreas Stieger 2016-05-04 13:20:25 UTC 
Closing bugs exclusive to openSUSE as fixed.
Comment 7 Swamp Workflow Management 2016-05-06 14:08:45 UTC 
openSUSE-SU-2016:1251-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 977333,977373,977375,977376,977377,977378,977379,977380,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2809,CVE-2016-2810,CVE-2016-2811,CVE-2016-2812,CVE-2016-2813,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-46.0-113.2, mozilla-nss-3.22.3-77.1
First Last Prev Next    This bug is not in your last search results.