Firefox ESR 31.x < 31.6 Multiple Vulnerabilities
High Nessus Plugin ID 82502
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox ESR 31.x installed on the remote Windows host is prior to 31.6. It is, therefore, affected by the following vulnerabilities:
- A privilege escalation vulnerability exists related to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, possibly allowing execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox ESR 31.5.3.
- A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
- Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code.
Solution
Upgrade to Firefox ESR 31.6 or later.