SynopsisThe remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Firefox installed on the remote Mac OS X host is prior to 44. It is, therefore, affected by the following vulnerabilities :
- A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208)
- Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code.
- An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933)
- A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
- A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937)
- A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938)
- A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies.
- An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942)
- An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944)
- A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact.
- An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946)
- A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947)
- A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
SolutionUpgrade to Firefox version 44 or later.
File Name: macosx_firefox_44.nasl
Supported Sensors: Nessus Agent
Temporal Vector: E:U/RL:OF/RC:C
Temporal Vector: E:U/RL:O/RC:C
Required KB Items: MacOSX/Firefox/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 1/26/2016
Vulnerability Publication Date: 9/24/2015
CVE: CVE-2015-7208, CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1941, CVE-2016-1942, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947, CVE-2016-1978
MFSA: 2016-01, 2016-02, 2016-03, 2016-04, 2016-06, 2016-07, 2016-08, 2016-09, 2016-10, 2016-11, 2016-15