Firefox < 47 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Firefox installed on the remote Windows host is prior
to 47. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-2815, CVE-2016-2818)

- An overflow condition exists that is triggered when
handling HTML5 fragments in foreign contexts (e.g.,
under <svg> nodes). An unauthenticated, remote attacker
can exploit this to cause a heap-based buffer overflow,
resulting in the execution of arbitrary code.
(CVE-2016-2819)

- A use-after-free error exists that is triggered when
deleting DOM table elements in 'contenteditable' mode.
An unauthenticated, remote attacker can exploit this to
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2016-2821)

- A spoofing vulnerability exists due to improper handling
of SELECT elements. An unauthenticated, remote attacker
can exploit this to spoof the contents of the address
bar. (CVE-2016-2822)

- An out-of-bounds write error exists in the ANGLE
graphics library due to improper size checking while
writing to an array during WebGL shader operations. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-2824)

- A same-origin bypass vulnerability exists that is
triggered when handling location.host property values
set after the creation of invalid 'data:' URIs. An
unauthenticated, remote attacker can exploit this to
partially bypass same-origin policy protections.
(CVE-2016-2825)

- A privilege escalation vulnerability exists in the
Windows updater utility due to improper extraction of
files from MAR archives. A local attacker can exploit
this to replace the extracted files, allowing the
attacker to gain elevated privileges. (CVE-2016-2826)

- A use-after-free error exists that is triggered when
destroying the recycle pool of a texture used during the
processing of WebGL content. An unauthenticated, remote
attacker can exploit this to dereference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2016-2828)

- A flaw exists in browser/modules/webrtcUI.jsm that is
triggered when handling a large number of permission
requests over a small period of time. An
unauthenticated, remote attacker can exploit this to
cause the incorrect icon to be displayed in a given
permission request, potentially resulting in a user
approving unintended permission requests.
(CVE-2016-2829)

- A flaw exists that is triggered when handling paired
fullscreen and pointerlock requests in combination with
closing windows. An unauthenticated, remote attacker can
exploit this to create an unauthorized pointerlock,
resulting in a denial of service condition.
Additionally, an attacker can exploit this to conduct
spoofing and clickjacking attacks. (CVE-2016-2831)

- An information disclosure vulnerability exists that is
triggered when handling CSS pseudo-classes. An
unauthenticated, remote attacker can exploit this
disclose a list of installed plugins. (CVE-2016-2832)

- A Content Security Policy (CSP) bypass exists that is
triggered when handling specially crafted cross-domain
Java applets. An unauthenticated, remote attacker can
exploit this to bypass the CSP and conduct cross-site
scripting attacks. (CVE-2016-2833)

- Multiple unspecified flaws exist in the Mozilla Network
Security Services (NSS) component that allow an attacker
to have an unspecified impact. (CVE-2016-2834)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/

Solution :

Upgrade to Firefox version 47 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now