Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Mozilla Firefox ESR installed on the remote Windows
host is 45.x prior to 45.4. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in the HttpBaseChannel::GetPerformance()
function in netwerk/protocol/http/HttpBaseChannel.cpp
due to the program leaking potentially sensitive
resources of URLs through the Resource Timing API
during page navigation. An unauthenticated, remote
attacker can exploit this to disclose sensitive
information. (CVE-2016-5250)

- Multiple memory safety issues exist that allow an
unauthenticated, remote attacker to potentially execute
arbitrary code. (CVE-2016-5257)

- An integer overflow condition exists in the
WebSocketChannel::ProcessInput() function within file
netwerk/protocol/websocket/WebSocketChannel.cpp when
handling specially crafted WebSocketChannel packets due
to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5261)

- A heap buffer overflow condition exists in the
nsCaseTransformTextRunFactory::TransformString()
function in layout/generic/nsTextRunTransformations.cpp
when converting text containing certain Unicode
characters. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-5270)

- A type confusion error exists within file
layout/forms/nsRangeFrame.cpp when handling layout with
input elements. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-5272)

- A use-after-free error exists within file
layout/style/nsRuleNode.cpp when handling web animations
during restyling. An unauthenticated, remote attacker
can exploit this to execute arbitrary code.
(CVE-2016-5274)

- A use-after-free error exists in the
DocAccessible::ProcessInvalidationList() function within
file accessible/generic/DocAccessible.cpp when setting
an aria-owns attribute. An unauthenticated, remote
attacker can exploit this to execute arbitrary code.
(CVE-2016-5276)

- A use-after-free error exists in the
nsRefreshDriver::Tick() function when handling web
animations destroying a timeline. An unauthenticated,
remote attacker can exploit this to execute arbitrary
code. (CVE-2016-5277)

- A buffer overflow condition exists in the
nsBMPEncoder::AddImageFrame() function within file
dom/base/ImageEncoder.cpp when encoding image frames to
images. An unauthenticated, remote attacker can exploit
this to execute arbitrary code. (CVE-2016-5278)

- A use-after-free error exists in the
nsTextNodeDirectionalityMap::RemoveElementFromMap()
function within file dom/base/DirectionalityUtils.cpp
when handling changes of text direction. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5280)

- A use-after-free error exists when handling SVG format
content that is being manipulated through script code.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5281)

- A flaw exists due to the certificate pinning policy for
built-in sites (e.g., addons.mozilla.org) not being
honored when pins have expired. A man-in-the-middle
(MitM) attacker can exploit this to generate a trusted
certificate, which could be used to conduct spoofing
attacks. (CVE-2016-5284)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/

Solution :

Upgrade to Mozilla Firefox ESR version 45.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
