Firefox ESR 45.x < 45.3 Multiple Vulnerabilities

High Nessus Plugin ID 92754

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.3. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.
An attacker can exploit this to continue to send requests to the user's browser and disclose sensitive information.(CVE-2016-2830)

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-2835, CVE-2016-2836)

- An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-2837)

- An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)

- An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)

- A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)

- A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)

- A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-5259)

- A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.
(CVE-2016-5262)

- A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)

- A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2016-5264)

- A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)

Solution

Upgrade to Firefox ESR version 45.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/

Plugin Details

Severity: High

ID: 92754

File Name: mozilla_firefox_45_3_esr.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2016/08/05

Updated: 2019/11/14

Dependencies: 20862

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2016-5254

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/08/02

Vulnerability Publication Date: 2016/05/17

Reference Information

CVE: CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265

BID: 92258, 92261

MFSA: 2016-62, 2016-63, 2016-64, 2016-67, 2016-68, 2016-70, 2016-72, 2016-73, 2016-76, 2016-77, 2016-78, 2016-79, 2016-80