This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is affected by
multiple remote code execution vulnerabilities.
The version of Mozilla Firefox ESR installed on the remote Windows
host is prior to 38.6.1. It is, therefore, affected by multiple remote
code execution vulnerabilities in the Graphite 2 library :
  - An overflow condition exists in the Context Item
    functionality due to improper validation of
    user-supplied input. An unauthenticated, remote attacker
    can exploit this, via a crafted Graphite smart font, to
    cause a heap-based buffer overflow, resulting in a
    denial of service or the execution of arbitrary code.

  - An out-of-bounds write error exists in the setAttr()
    function that is triggered when handling maliciously
    crafted fonts. An unauthenticated, remote attacker can
    exploit this to execute arbitrary code. (CVE-2016-1969)
Upgrade to Mozilla Firefox ESR version 38.6.1 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.1
Public Exploit Available : false