Bugzilla – Bug 943557
VUL-0: CVE-2015-4497: MozillaFirefox: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)
Last modified: 2015-11-23 21:10:52 UTC
Mozilla Foundation Security Advisory 2015-94

Use-after-free when resizing canvas element during restyling

Announced: August 27, 2015
Reporter: Jean-Max Reymond
Impact: Critical
Products: Firefox, Firefox ESR
Fixed in: Firefox 40.0.3, Firefox ESR 38.2.1

Description

Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a <canvas> element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.

Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this same issue.

References
* use-after-free (& crash) after style flush in CanvasRenderingContext2D (CVE-2015-4497)
* Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1257276
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4497
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4497.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497
An update workflow for this issue was started. This issue was rated as critical. Please submit fixed packages until 2015-09-01. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62284
bugbot adjusting priority
SUSE-SU-2015:1476-1: An update that fixes 16 vulnerabilities is now available.
Category: security (important)
Bug References: 940806, 943557, 943558, 943608
CVE References: CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4495, CVE-2015-4497, CVE-2015-4498
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-38.2.1esr-45.1, mozilla-nss-3.19.2.0-26.2
SUSE Linux Enterprise Server 12 (src): MozillaFirefox-38.2.1esr-45.1, MozillaFirefox-branding-SLE-31.0-14.1, mozilla-nss-3.19.2.0-26.2
SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-38.2.1esr-45.1, MozillaFirefox-branding-SLE-31.0-14.1, mozilla-nss-3.19.2.0-26.2
SUSE-SU-2015:1504-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 943557, 943558, 943608
CVE References: CVE-2015-4497, CVE-2015-4498
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-38.2.1esr-17.1
SUSE Linux Enterprise Server 11-SP1-LTSS (src): MozillaFirefox-38.2.1esr-17.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-38.2.1esr-17.1
SUSE Linux Enterprise Debuginfo 11-SP1 (src): MozillaFirefox-38.2.1esr-17.1
released
SUSE-SU-2015:2081-1: An update that fixes 43 vulnerabilities is now available.
Category: security (important)
Bug References: 908275, 940806, 943557, 943558, 943608, 947003, 952810
CVE References: CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4497, CVE-2015-4498, CVE-2015-4500, CVE-2015-4501, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4513, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): MozillaFirefox-38.4.0esr-0.7.1, MozillaFirefox-branding-SLED-38-0.5.3, mozilla-nspr-4.10.10-0.5.1, mozilla-nss-3.19.2.1-0.5.1