Mozilla Firefox ESR < 45.8.0 RCE
Medium Nessus Network Monitor Plugin ID 700013
SynopsisThe remote host has a web browser installed that is vulnerable to a Remote Code Execution (RCE) attack vector.
DescriptionVersions of Mozilla Firefox ESR earlier than 45.8.0 are unpatched for an integer overflow condition in the 'nsGlobalWindow::CreateImageBitmap()' function in 'dom/base/nsGlobalWindow.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and execute arbitrary code.
SolutionUpgrade to Firefox version 45.8.0 or later.