Mozilla Firefox < 53.0.2 ANGLE Graphics Library RCE
High Nessus Plugin ID 100127
SynopsisThe remote Windows host contains a web browser that is affected by a remote code execution vulnerability.
DescriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 53.0.2. It is, therefore, affected by a use-after-free error in libANGLE/renderer/d3d/d3d11/Buffer11.cpp within the ANGLE graphics library (libGLES) when handling Buffer11 API calls. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to dereference already freed memory, resulting in a crash or potentially the execution of arbitrary code.
SolutionUpgrade to Mozilla Firefox version 53.0.2 or later.