Firefox < 44 Multiple Vulnerabilities

Critical Nessus Plugin ID 88461

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox installed on the remote Windows host is prior to 44. It is, therefore, affected by the following vulnerabilities :

- A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208)

- Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-1930, CVE-2016-1931)

- An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933)

- A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)

- A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937)

- A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938)

- A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies.
(CVE-2016-1939)

- An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942)

- An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944)

- A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact.
(CVE-2016-1945)

- An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946)

- A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947)

- A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-1978)

Solution

Upgrade to Firefox version 44 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/

Plugin Details

Severity: Critical

ID: 88461

File Name: mozilla_firefox_44.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 2016/01/28

Updated: 2019/11/20

Dependencies: 20862

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2016-1946

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: Mozilla/Firefox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/01/26

Vulnerability Publication Date: 2015/09/24

Reference Information

CVE: CVE-2015-7208, CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1942, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947, CVE-2016-1978

BID: 79280

MFSA: 2016-01, 2016-02, 2016-03, 2016-04, 2016-06, 2016-07, 2016-08, 2016-09, 2016-10, 2016-11, 2016-15