Firefox ESR 45.x < 45.1 Multiple Vulnerabilities
Critical Nessus Plugin ID 90792
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.1. It is, therefore, affected by multiple vulnerabilities:
- Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2806, CVE-2016-2807)
- A flaw exists due to improper validation of user-supplied input when handling the 32-bit generation count of the underlying HashMap. A context-dependent attacker can exploit this to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2808)
- A heap buffer overflow condition exists in the Google Stagefright component due to improper validation of user-supplied input when handling CENC offsets and the sizes table. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-2814)
Solution
Upgrade to Firefox ESR version 45.1 or later.