
Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 45.7 are unpatched for the following vulnerabilities:

- A flaw exists in JIT code allocation that may allow a context-dependent attacker to bypass the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protection mechanisms. (OSVDB 150831)
- A use-after-free error exists in the 'txExecutionState::getVariable()' function in 'dom/xslt/xslt/txExecutionState.cpp' that is triggered when handling XSL in XSLT documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150832)
- A flaw exists because the program shares hashed codes of JavaScript objects between pages. This may allow a context-dependent attacker to gain access to potentially sensitive data by discovering the object's address through a pointer leak. (OSVDB 150834)
- A use-after-free error exists in the 'PresShell::FlushPendingNotifications()' function in 'layout/base/PresShell.cpp' that is triggered during DOM manipulation of SVG content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150836)
- A flaw exists because the JSON viewer in the Developer Tools insecurely creates communication channels for copying and viewing JSON or HTTP headers. This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose and optionally manipulate transmitted data. (OSVDB 150837)
- A flaw exists in the 'ICCallStubCompiler::guardFunApply()' function in 'js/src/jit/BaselineIC.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150858)
- A flaw exists in the 'IonBuilder::createThisScriptedSingleton()' function in 'js/src/jit/IonBuilder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150859)
- A flaw exists in the 'AddLazyFunctionsForCompartment()' function in 'js/src/jscompartment.cpp' that is triggered when handling references to a compartment's lazy functions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150860)
- A flaw exists in the 'js::DefineTypedArrayElement()' function in 'js/src/vm/TypedArrayObject.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150861)
- A flaw exists in the 'DataViewObject::create()' function in 'js/src/vm/TypedArrayObject.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150062)
- An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150063)
- A flaw exists in the 'IonBuilder::initEnvironmentChain()' function in 'js/src/jit/IonBuilder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150064)
- An unspecified flaw exists in the JavaScript JIT compiler that is triggered when handling windows. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150065)
- A flaw exists in the 'nsDOMConstructor::HasInstance()' function in 'dom/base/nsDOMClassInfo.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 150066)
- A use-after-free flaw exists in the 'nsDocument::SetScriptGlobalObject()' function in 'dom/base/nsDocument.cpp' that is triggered when handling specially crafted media files. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 150075)
- A flaw exists that is triggered during the handling of a specially crafted URL that contains certain Unicode glyphs for alternative hyphens and quotes. This may allow a context-dependent attacker to spoof the location bar. (OSVDB 150878)
- A flaw exists that may allow WebExtension scripts to use the 'data:' protocol to affect pages loaded by other extensions. This may allow a context-dependent attacker to potentially disclose sensitive information or gain elevated privileges related to other extensions. (OSVDB 150881)

Solution

Upgrade to Firefox version 45.7 or later.