Firefox < 40.0.3 Multiple Vulnerabilities (Mac OS X)
High Nessus Plugin ID 85687
SynopsisThe remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Mozilla Firefox installed on the remote Mac OS X host is prior to 40.0.3. It is, therefore, affected by the following vulnerabilities :
- A use-after-free error exists when handling restyling operations during the resizing of canvas elements due to the canvas references being recreated, thus destroying the original references. A remote, unauthenticated attacker can exploit this to deference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-4497)
- A security feature bypass vulnerability exists due to a flaw that allows the manipulation of the 'data:' URL on a loaded web page without install permission prompts being displayed to the user. A remote, unauthenticated attacker can exploit this to install add-ons from a malicious source. (CVE-2015-4498)
SolutionUpgrade to Firefox 40.0.3 or later.