Firefox ESR < 38.4 Multiple Vulnerabilities

High Nessus Plugin ID 86763

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox ESR installed on the remote Windows host is prior to 38.4. It is, therefore, affected by the following vulnerabilities :

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-4513, CVE-2015-4514)

- An unspecified use-after-poison flaw exists in the sec_asn1d_parse_leaf() function in Mozilla Network Security Services (NSS) due to improper restriction of access to an unspecified data structure. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7181)
- A heap buffer overflow condition exists in the ASN.1 decoder in Mozilla Network Security Services (NSS) due to improper validation of user-supplied input. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7182)

- An integer overflow condition exists in the PL_ARENA_ALLOCATE macro in the Netscape Portable Runtime (NSPR) due to improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7183)

- A same-origin bypass vulnerability exists due to improper handling of trailing whitespaces in the IP address hostname. A remote attacker can exploit this, by appending whitespace characters to an IP address string, to bypass the same-origin policy and conduct a cross-site scripting attack. (CVE-2015-7188)

- A race condition exists in the JPEGEncoder() function due to improper validation of user-supplied input when handling canvas elements. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7189)

- A cross-origin resource sharing (CORS) request bypass vulnerability exists due to improper implementation of the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation. A remote attacker can exploit this to perform a simple request instead of a 'preflight' request. (CVE-2015-7193)

- A buffer underflow condition exists in libjar due to improper validation of user-supplied input when handling ZIP archives. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7194)

- A memory corruption issue exists in the _releaseobject() function in dom/plugins/base/nsNPAPIPlugin.cpp due to improper deallocation of JavaScript wrappers. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-7196)

- A security bypass vulnerability exists due to improperly controlling the ability of a web worker to create a WebSocket object in the WebSocketImpl::Init() method.
A remote attacker can exploit this to bypass intended mixed-content restrictions. (CVE-2015-7197)

- A buffer overflow condition exists in TextureStorage11 in ANGLE due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7198)

- A flaw exists in the AddWeightedPathSegLists() function due to missing return value checks during SVG rendering.
A remote attacker can exploit this, via a crafted SVG document, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-7199)

- A flaw exists in the CryptoKey interface implementation due to missing status checks. A remote attacker can exploit this to make changes to cryptographic keys and execute arbitrary code. (CVE-2015-7200)

Solution

Upgrade to Firefox ESR 38.4 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/

Plugin Details

Severity: High

ID: 86763

File Name: mozilla_firefox_38_4_esr.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 2015/11/05

Updated: 2018/07/16

Dependencies: 20862

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/11/03

Vulnerability Publication Date: 2015/11/03

Reference Information

CVE: CVE-2015-4513, CVE-2015-4514, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200

BID: 77415, 77416