Mozilla Firefox < 89.0

high Nessus Plugin ID 150119

Synopsis

A web browser installed on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Firefox installed on the remote Windows host is prior to 89.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-23 advisory.

- A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected. (CVE-2021-29965)

- Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. (CVE-2021-29960)

- When styling and rendering an oversized `` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. (CVE-2021-29961)

- Address bar search suggestions in private browsing mode were re-using session data from normal mode.
This bug only affects Firefox for Android. Other operating systems are unaffected. (CVE-2021-29963)

- A locally-installed hostile program could send `WMCOPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2021-29964)

- When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. (CVE-2021-29959)

- Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.
This bug only affects Firefox for Android. Other operating systems are unaffected. (CVE-2021-29962)

- Mozilla developers Christian Holler, Anny Gakhokidze, Alexandru Michis, Gabriele Svelto reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29967)

- Mozilla developers Christian Holler, Tooru Fujisawa, Tyson Smith reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Mozilla Firefox version 89.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/

Plugin Details

Severity: High

ID: 150119

File Name: mozilla_firefox_89_0.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 6/1/2021

Updated: 9/10/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-29967

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: Mozilla/Firefox/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2021

Vulnerability Publication Date: 6/1/2021

Reference Information

CVE: CVE-2021-29959, CVE-2021-29960, CVE-2021-29961, CVE-2021-29962, CVE-2021-29963, CVE-2021-29964, CVE-2021-29965, CVE-2021-29966, CVE-2021-29967

IAVA: 2021-A-0264-S