Firefox ESR 24.x < 24.4 Multiple Vulnerabilities

high Nessus Plugin ID 73098

Synopsis

The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.

Description

The installed version of Firefox ESR 24.x is prior to 24.4. It is, therefore, potentially affected by the following vulnerabilities:

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)

- A flaw exists in the checkHandshake() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2014-1495)

- An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)

- An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure. (CVE-2014-1497)

- An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)

- A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack. (CVE-2014-1509)

- An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks. (CVE-2014-1505)

- An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript-implemented WebIDL calls the 'window.open()' function, which could result in arbitrary code execution. (CVE-2014-1510)

- An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)

- A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during garbage collection that could lead to arbitrary code execution. (CVE-2014-1512)

- An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution. (CVE-2014-1513)

- An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)

Solution

Upgrade to Firefox ESR 24.4 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/

http://www.securityfocus.com/archive/1/531617/30/0/threaded

https://www.mozilla.org/en-US/security/advisories/mfsa2014-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/

Plugin Details

Severity: High

ID: 73098

File Name: mozilla_firefox_24_4_esr.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 3/19/2014

Updated: 7/16/2018

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 3/18/2014

Exploitable With

Metasploit (Firefox WebIDL Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1495, CVE-2014-1496, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

BID: 66203, 66206, 66207, 66209, 66240, 66412, 66416, 66418, 66419, 66423, 66425, 66426