Detections
Analytics

Mozilla Firefox ESR < 52.1

critical Nessus Plugin ID 275653

Language:

Synopsis

A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-12 advisory.

 - Fixed potential buffer overflows in generated Firefox code due to [CVE-2016-6354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354) issue in Flex.
 (CVE-2017-5469)

 - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. (CVE-2017-5433)

 - A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. (CVE-2017-5435)

 - An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. (CVE-2017-5436)

 - An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. (CVE-2017-5461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Mozilla Firefox ESR version 52.1 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/

Plugin Details

Severity: Critical

ID: 275653

File Name: macos_firefox_52_1_esr.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 11/18/2025

Updated: 11/18/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5469

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: installed_sw/Mozilla Firefox ESR

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/19/2017

Vulnerability Publication Date: 1/31/2017

Reference Information

CVE: CVE-2016-10196, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469

IAVA: 2017-A-0126-S