| Description: | Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard,Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole andJeff Walden discovered multiple memory safety issues in Firefox. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service via applicationcrash, or execute arbitrary code with the privileges of the user invokingFirefox. (CVE-2014-1574, CVE-2014-1575)Atte Kettunen discovered a buffer overflow during CSS manipulation. If auser were tricked in to opening a specially crafted website, an attackercould potentially exploit this to cause a denial of service viaapplication crash or execute arbitrary code with the privileges of theuser invoking Firefox. (CVE-2014-1576)Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If auser were tricked in to opening a specially crafted website, an attackercould potentially exploit this to steal sensitive information.(CVE-2014-1577)Abhishek Arya discovered an out-of-bounds write when buffering WebM videoin some circumstances. If a user were tricked in to opening a speciallycrafted website, an attacker could potentially exploit this to cause adenial of service via application crash or execute arbitrary code withthe privileges of the user invoking Firefox. (CVE-2014-1578)Michal Zalewski discovered that memory may not be correctly initializedwhen rendering a malformed GIF in to a canvas in some circumstances. Ifa user were tricked in to opening a specially crafted website, an attackercould potentially exploit this to steal sensitive information.(CVE-2014-1580)A use-after-free was discovered during text layout in some circumstances.If a user were tricked in to opening a specially crafted website, anattacker could potentially exploit this to cause a denial of service viaapplication crash or execute arbitrary code with the privileges of theuser invoking Firefox. (CVE-2014-1581)Patrick McManus and David Keeler discovered 2 issues that could resultin certificate pinning being bypassed in some circumstances. An attackerwith a fraudulent certificate could potentially exploit this conduct aman in the middle attack. (CVE-2014-1582, CVE-2014-1584)Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharingvia WebRTC in iframes, where video continues to be shared after beingstopped and navigating to a new site doesn't turn off the camera. Anattacker could potentially exploit this to access the camera without theuser being aware. (CVE-2014-1585, CVE-2014-1586)Boris Zbarsky discovered that webapps could use the Alarm API to read thevalues of cross-origin references. If a user were tricked in to installinga specially crafter webapp, an attacker could potentially exploit this tobypass same-origin restrictions. (CVE-2014-1583) |