Firefox < 44 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Firefox installed on the remote Windows host is prior
to 44. It is, therefore, affected by the following vulnerabilities :

- A cookie injection vulnerability exists due to illegal
control characters being stored as cookie values in
violation of RFC6265. A remote attacker can exploit this
to inject cookies. (CVE-2015-7208)

- Multiple unspecified memory corruption issues exist that
allow a remote attacker to execute arbitrary code.
(CVE-2016-1930, CVE-2016-1931)

- An integer overflow condition exists due to improper
parsing of GIF images during deinterlacing. A remote
attacker can exploit this, via a specially crafted GIF
image, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-1933)

- A buffer overflow condition exists in WebGL that is
triggered when handling cache out-of-memory error
conditions. A remote attacker can exploit this to
execute arbitrary code. (CVE-2016-1935)

- A content spoofing vulnerability exists due to the
protocol handler dialog treating double click events as
two single click events. A remote attacker can exploit
this to spoof content, allowing the attacker to trick a
user into performing malicious actions. (CVE-2016-1937)

- A cryptographic weakness exists in Network Security
Services (NSS) due to incorrect calculations with
'mp_div' and 'mp_exptmod'. (CVE-2016-1938)

- A cookie injection vulnerability exists due to illegal
control characters being permitted in cookie names. A
remote attacker can exploit this to inject cookies.
(CVE-2016-1939)

- A URL spoofing vulnerability exists due to a flaw that
is triggered during the handling of a URL that is invalid
for the internal protocol, causing the URL to be pasted
into the address bar. A remote attacker can exploit this
to spoof URLs, allowing the attacker to trick a
user into visiting a malicious website. (CVE-2016-1942)

- An unspecified memory corruption issue exists in the
ANGLE graphics library implementation. A remote attacker
can exploit this to corrupt memory, resulting in the
execution of arbitrary code. (CVE-2016-1944)

- A wild pointer flaw exists due to improper handling of
ZIP files. A remote attacker can exploit this, via a
crafted ZIP file, to have an unspecified impact.
(CVE-2016-1945)

- An integer overflow condition exists in the bundled
version of libstagefright due to improper handling of
MP4 file metadata. A remote attacker can exploit this
to execute arbitrary code. (CVE-2016-1946)

- A flaw exists in the safe browsing feature due to the
Application Reputation service being unreachable. A
remote attacker can exploit this to trick a user
into downloading a malicious executable without being
warned. (CVE-2016-1947)

- A use-after-free error exists in Network Security
Services (NSS) due to improper handling of failed
allocations during DHE and ECDHE handshakes. An attacker
can exploit this to dereference already freed memory,
resulting in the execution of arbitrary code.
(CVE-2016-1978)
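
The two cookie injection items above (CVE-2015-7208 and CVE-2016-1939) both concern control characters in cookie names or values. The following is an added example, not part of the plugin or of Firefox: a server-side or proxy-side check of a Set-Cookie header value against the RFC 6265 section 4.1.1 grammar. The function names and the sample headers are constructed for illustration.

```python
import re

# RFC 2616 token (used for cookie-name): US-ASCII 0x21-0x7E minus separators.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# RFC 6265 cookie-octet: excludes CTLs, whitespace, DQUOTE, comma, semicolon, backslash.
COOKIE_OCTETS = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*")
# US-ASCII control characters, including DEL.
CTL = re.compile(r"[\x00-\x1F\x7F]")


def control_chars(text):
    """Return (offset, hex code) for every control character in text."""
    return [(m.start(), f"0x{ord(m.group()):02X}") for m in CTL.finditer(text)]


def check_set_cookie(header_value):
    """Return a list of findings; an empty list means name and value conform."""
    pair = header_value.split(";", 1)[0]      # cookie-pair precedes the attributes
    if "=" not in pair:
        return ["no '=' in cookie-pair"]
    name, value = pair.split("=", 1)
    findings = []
    for off, code in control_chars(name):
        findings.append(f"control character {code} in cookie name at offset {off}")
    for off, code in control_chars(value):
        findings.append(f"control character {code} in cookie value at offset {off}")
    if not TOKEN.fullmatch(name):
        findings.append("cookie name is not an RFC 2616 token")
    # cookie-value may be wrapped in one pair of double quotes.
    quoted = len(value) >= 2 and value[0] == value[-1] == '"'
    inner = value[1:-1] if quoted else value
    if not COOKIE_OCTETS.fullmatch(inner):
        findings.append("cookie value contains octets outside cookie-octet")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from any advisory.
    samples = [
        "sid=abc123; Path=/; HttpOnly",
        'pref="dark"; Secure',
        "sid=abc\x01def; Path=/",
        "s\x0bid=abc",
    ]
    for header in samples:
        print(repr(header), "->", check_set_cookie(header) or "conformant")
```
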

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/

Solution :

Upgrade to Firefox version 44 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
