Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 50.1 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 50.1 are unpatched for the following vulnerabilities :

- A flaw exists in 'layout/style/nsRuleNode.cpp' that is triggered when handling style contexts. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 148662) - An overflow condition exists in the 'GrResourceProvider::createBuffer()' function in 'gfx/skia/skia/src/gpu/GrResourceProvider.cpp'. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 148663) - A flaw exists that is triggered as certain input is not properly validated when handling regular expressions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148664) - A flaw exists that is triggered as certain input is not properly validated when handling clamped gradients. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code. (OSVDB 148665) - A flaw exists in the 'GetNPObjectWrapper()' function in 'dom/plugins/base/nsJSNPRuntime.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148666) - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148667) - A flaw exists in the 'ObjectGroup::defaultNewGroup()' function in 'js/src/vm/ObjectGroup.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148668) - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 content. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 148693) - An unspecified flaw exists in the 'nsDocShell::RestoreFromHistory()' function in 'docshell/base/nsDocShell.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148695) - An unspecified flaw exists in the 'Factory::CreateDrawTargetForData()' function in 'gfx/2d/Factory.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148696) - A flaw exists in 'dom/media/MediaRecorder.cpp' that is triggered when handling a document's activity state changes. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148697) - A flaw exists in the 'nsHttpChunkedDecoder::ParseChunkRemaining()' function in 'network/protocol/http/nsHttpChunkedDecoder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148698) - A use-after-free error exists that is triggered when handling media content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 148699) - A flaw exists in 'dom/bindings/BindingUtils.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 148701) - A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because 'addon-sdk/source/lib/sdk/ui/frame/view.html' and 'addon-sdk/source/lib/sdk/ui/frame/view.js' within the Add-ons SDK do not properly validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and an add-on. (OSVDB 148702) - A use-after-free error exists in the handling of navigator objects within WebVR. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148703) - A use-after-free error exists in 'editor/libeditor/HTMLEditor.cpp' that is triggered when handling DOM subtrees. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148704) - A flaw exists in the 'VaryingPacking::packVarying()' function in 'libANGLE/renderer/d3d/hlsl/VaryingPacking.cpp'. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code. (OSVDB 148705) - A use-after-free error exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered when handling failing node adoption. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148706) - A flaw exists that is triggered as event handlers for marquee elements are executed despite restrictions against inline JavaScript. This may allow a context-dependent attacker to bypass the Content Security Policy (CSP). (OSVDB 148707) - A flaw exists in the 'nsDataDocumentContentPolicy::ShouldLoad()' function in 'dom/base/nsDataDocumentContentPolicy.cpp', as external resources may be inappropriately loaded by SVG images by utilizing 'data: URLs'. This may allow a context-dependent to disclose potentially sensitive cross-domain information. (OSVDB 148708) - A flaw exists that is triggered as HTML tags from the Pocket server are not properly sanitized before use. This may allow a context-dependent attacker to inject content and gain access to the Pocket Messaging API. (OSVDB 148709) - A flaw exists in 'browser/extensions/pocket/content/main.js' related to the Pocket toolbar button, as it fails to properly verify the origin of events. This may potentially allow a context-dependent attacker to execute commands from other contexts. (OSVDB 148710) - A flaw exists that is triggered as atom information may be exposed. This may allow a context-dependent attacker to use a JavaScript Map/Set timing attack to determine if atoms are used by other compartments or zones, potentially disclosing cross-domain information. (OSVDB 148711)

Solution

Upgrade to Firefox version 50.1 or later.