EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1046)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the firefox package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Mozilla Firefox before 48.0 allows remote attackers to
obtain sensitive information about the previously
retrieved page via Resource Timing API
calls.(CVE-2016-5250)

- Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox before 49.0 and Firefox ESR
45.x before 45.4 allow remote attackers to cause a
denial of service (memory corruption and application
crash) or possibly execute arbitrary code via unknown
vectors.(CVE-2016-5257)

- Integer overflow in the WebSocketChannel class in the
WebSockets subsystem in Mozilla Firefox before 48.0
allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via
crafted packets that trigger incorrect buffer-resize
operations during buffering.(CVE-2016-5261)

- Heap-based buffer overflow in the
nsCaseTransformTextRunFactory::TransformString function
in Mozilla Firefox before 49.0 and Firefox ESR 45.x
before 45.4 allows remote attackers to cause a denial
of service (boolean out-of-bounds write) or possibly
have unspecified other impact via Unicode characters
that are mishandled during text
conversion.(CVE-2016-5270)

- The nsImageGeometryMixin class in Mozilla Firefox
before 49.0 and Firefox ESR 45.x before 45.4 does not
properly perform a cast of an unspecified variable
during handling of INPUT elements, which allows remote
attackers to execute arbitrary code via a crafted web
site.(CVE-2016-5272)

- Use-after-free vulnerability in the
nsFrameManager::CaptureFrameState function in Mozilla
Firefox before 49.0 and Firefox ESR 45.x before 45.4
allows remote attackers to execute arbitrary code by
leveraging improper interaction between restyling and
the Web Animations model implementation.(CVE-2016-5274)

- Use-after-free vulnerability in the
mozilla::a11y::DocAccessible::ProcessInvalidationList
function in Mozilla Firefox before 49.0 and Firefox ESR
45.x before 45.4 allows remote attackers to execute
arbitrary code or cause a denial of service (heap
memory corruption) via an aria-owns
attribute.(CVE-2016-5276)

- Use-after-free vulnerability in the
nsRefreshDriver::Tick function in Mozilla Firefox
before 49.0 and Firefox ESR 45.x before 45.4 allows
remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) by
leveraging improper interaction between timeline
destruction and the Web Animations model
implementation.(CVE-2016-5277)

- Heap-based buffer overflow in the
nsBMPEncoder::AddImageFrame function in Mozilla Firefox
before 49.0 and Firefox ESR 45.x before 45.4 allows
remote attackers to execute arbitrary code via
crafted image data that is mishandled during the
encoding of an image frame to an image.(CVE-2016-5278)

- Use-after-free vulnerability in the
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
function in Mozilla Firefox before 49.0 and Firefox
ESR 45.x before 45.4 allows remote attackers to execute
arbitrary code via bidirectional text.(CVE-2016-5280)

- Use-after-free vulnerability in the DOMSVGLength class
in Mozilla Firefox before 49.0 and Firefox ESR 45.x
before 45.4 allows remote attackers to execute
arbitrary code by leveraging improper interaction
between JavaScript code and an SVG
document.(CVE-2016-5281)

- Mozilla Firefox before 49.0 and Firefox ESR 45.x before
45.4 rely on unintended expiration dates for Preloaded
Public Key Pinning, which allows man-in-the-middle
attackers to spoof add-on updates by leveraging
possession of an X.509 server certificate for
addons.mozilla.org signed by an arbitrary built-in
Certification Authority.(CVE-2016-5284)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?5dca1e4f

Solution :

Update the affected firefox packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
