Firefox ESR 31.x < 31.5 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 81517

Synopsis

The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.5. It is, therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists related to the autocomplete feature that allows an attacker to read arbitrary files. (CVE-2015-0822)

- An out-of-bounds read and write issue exists when processing invalid SVG graphic files. This allows an attacker to disclose sensitive information.
(CVE-2015-0827)

- A use-after-free issue exists when running specific web content with 'IndexedDB' to create an index, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0831)

- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2015-0835, CVE-2015-0836)

Solution

Upgrade to Firefox ESR 31.5 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/

Plugin Details

Severity: High

ID: 81517

File Name: macosx_firefox_31_5_esr.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 2/25/2015

Updated: 11/25/2019

Risk Information

CVSS Score Source: CVE-2015-0836

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: MacOSX/Firefox/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 2/24/2015

Vulnerability Publication Date: 2/24/2015

Reference Information

CVE: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0835, CVE-2015-0836

BID: 72742, 72746, 72748, 72755, 72756