Mozilla Firefox ESR < 45.4 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 45.4 are unpatched for the following vulnerabilities:

- A flaw exists as the certificate pinning policy for built-in sites like 'addons.mozilla.org' is not honored due to the pins having expired. This may allow a Man-in-the-Middle (MitM) attacker able to generate a trusted certificate to conduct spoofing attacks. (OSVDB 144426)
- A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144614)
- A flaw exists in the WebRTC component that is triggered as certain input is not properly validated when handling H.264 STAP-A content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144615)
- A flaw exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144616)
- A flaw exists in the 'parse()' function in 'libavcodec/vp9_parser.c' that is triggered when handling input frame sizes. This may allow a context-dependent attacker to corrupt memory, crashing a process linked against the library and potentially allowing the execution of arbitrary code. (OSVDB 144617)
- An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144618)
- A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered when handling association failures. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144619)
- A flaw exists in the 'nsHttpChannelAuthProvider::OnAuthCancelled()' function in 'netwerk/protocol/http/nsHttpChannelAuthProvider.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144620)
- An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144621)
- A flaw exists that is triggered as certain input is not properly validated when handling APNG images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144623)
- A use-after-free error exists that is triggered when handling SVG format content being manipulated through script code. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144624)
- A use-after-free error exists in the 'nsTextNodeDirectionalityMap::RemoveElementFromMap()' function in 'dom/base/DirectionalityUtils.cpp' that is triggered when handling changing of text direction. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144625)
- A use-after-free error exists in the 'nsRefreshDriver::Tick()' function that is triggered when handling web animations destroying a timeline. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144627)
- A type confusion flaw exists in 'layout/forms/nsRangeFrame.cpp' that is triggered when handling layout with input elements. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 144628)
- An overflow condition exists in the 'nsCaseTransformTextRunFactory::TransformString()' function in 'layout/generic/nsTextRunTransformations.cpp' that is triggered when converting text containing certain Unicode characters. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 144630)
- An overflow condition exists in the 'nsBMPEncoder::AddImageFrame()' function in 'dom/base/ImageEncoder.cpp' that is triggered when encoding image frames to images. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code. (OSVDB 144634)
- A use-after-free error exists in the 'DocAccessible::ProcessInvalidationList()' function in 'accessible/generic/DocAccessible.cpp' that is triggered when setting an aria-owns attribute. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144635)
- A use-after-free error exists in 'layout/style/nsRuleNode.cpp' that is triggered when handling web animations during restyling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144636)
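
The certificate pinning item at the top of this list comes down to a fail-open expiry check: once a preloaded pin set passes its expiry time it is skipped, and only ordinary CA validation remains. The Python below is an added, simplified model of that behaviour, not Firefox's code and not part of the original advisory. The function names, key blobs and expiry date are constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

def spki_hash(spki_bytes):
    """SHA-256 over a (here: constructed) SubjectPublicKeyInfo blob."""
    return hashlib.sha256(spki_bytes).hexdigest()

# Constructed sample pin set; the expiry date and key blob are made up.
PRELOADED_PINS = {
    "addons.mozilla.org": {
        "pins": {spki_hash(b"constructed-pinned-ca-key")},
        "expires": datetime(2016, 9, 1, tzinfo=timezone.utc),
    }
}

def evaluate_pins(host, chain_spki_hashes, now, pins=PRELOADED_PINS):
    """Classify a connection whose chain already passed normal CA validation."""
    entry = pins.get(host)
    if entry is None:
        return "no-pins"
    if now >= entry["expires"]:
        # Fail-open: an expired pin set is skipped, so any trusted chain passes.
        return "pins-expired-not-enforced"
    if entry["pins"].intersection(chain_spki_hashes):
        return "pin-match"
    return "pin-violation"

def pin_expiry_report(now, warn_days=30, pins=PRELOADED_PINS):
    """Defender check: list hosts whose pins have lapsed or lapse soon."""
    report = {}
    for host, entry in pins.items():
        remaining = entry["expires"] - now
        if remaining <= timedelta(0):
            report[host] = "expired"
        elif remaining <= timedelta(days=warn_days):
            report[host] = "expiring"
    return report
```

The same trusted-but-unpinned chain is classified as a pin violation before the expiry time and passes unchecked afterwards, which is why the remedy is a build that ships refreshed pins.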

Solution

Upgrade to Firefox version 45.4 or later.