Detections
Analytics

Mozilla Firefox < 59.0.1

critical Nessus Plugin ID 108587

Language:

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Firefox installed on the remote Windows host is prior to 59.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-08 advisory.

 - The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use <a href=https://hg.mozilla.org/releases/mozilla-esr52/rev/5cd5586a2f48424a9031a3fa4c782954a9df9a52>revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52</a> instead of the released source. (CVE-2018-5147)

 - An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
 (CVE-2018-5146)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Mozilla Firefox version 59.0.1 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/

Plugin Details

Severity: Critical

ID: 108587

File Name: mozilla_firefox_59_0_1.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 3/23/2018

Updated: 11/18/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-5147

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: installed_sw/Mozilla Firefox

Exploit Ease: No known exploits are available

Patch Publication Date: 3/16/2018

Vulnerability Publication Date: 3/15/2018

Reference Information

CVE: CVE-2018-5146, CVE-2018-5147

BID: 103432

MFSA: 2018-08