Firefox ESR < 38.6.1 Multiple Graphite 2 Library RCE

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Mozilla Firefox ESR installed on the remote Windows
host is prior to 38.6.1. It is, therefore, affected by multiple remote
code execution vulnerabilities in the Graphite 2 library :

- An overflow condition exists in the Context Item
  functionality due to improper validation of
  user-supplied input. An unauthenticated, remote attacker
  can exploit this, via a crafted Graphite smart font, to
  cause a heap-based buffer overflow, resulting in a
  denial of service or the execution of arbitrary code.
  (CVE-2016-1523)

- An out-of-bounds write error exists in the setAttr()
  function that is triggered when handling maliciously
  crafted fonts. An unauthenticated, remote attacker can
  exploit this to execute arbitrary code. (CVE-2016-1969)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/

Solution :

Upgrade to Mozilla Firefox ESR version 38.6.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.1
(CVSS2#E:U/RL:U/RC:UC)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 88753

Bugtraq ID: 82991

CVE ID: CVE-2016-1523, CVE-2016-1969
