Mozilla Firefox < 53 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 700065 (Severity: High)

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 53 are unpatched for the following vulnerabilities:

- A use-after-free error exists that is related to certain text input selections. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5432)
- A use-after-free error exists in the SMIL animation functions. The issue is triggered when handling animation elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5433)
- A use-after-free error exists that is triggered when redirecting focus handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5434)
- A use-after-free error exists that is triggered when processing transactions in the editor during design mode interactions. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5435)
- A use-after-free error exists in the 'nsAutoPtr()' function that is triggered during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5438)
- A use-after-free error exists in the 'Length()' function in 'nsTArray' that is triggered when handling template parameters during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5439)
- A use-after-free error exists in the 'txExecutionState' destructor that is triggered during the processing of XSLT content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5440)
- A use-after-free error exists that is triggered when holding a selection during scroll events. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5441)
- A use-after-free error exists that is triggered when changing styles in DOM elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5442)
- An out-of-bounds write flaw exists that is triggered during the decoding of improperly formed BinHex format archives. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5443)
- An overflow condition exists that is triggered as certain input is not properly validated when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5444)
- A flaw exists in 'nsDirIndexParser.cpp' related to the use of uninitialized data. The issue is triggered when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to disclose memory contents. (CVE-2017-5445)
- An out-of-bounds read flaw exists that is triggered when handling HTTP/2 DATA connections that send DATA frames with incorrect data content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5446)
- An out-of-bounds read flaw exists that is triggered when processing glyph widths during text layouts. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5447)
- An out-of-bounds write flaw exists in the 'ClearKeyDecryptor::Decrypt()' function in 'ClearKeyDecryptionManager.cpp' that is triggered when decrypting Clearkey-encrypted media content. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5448)
- A flaw exists that is triggered during the handling of bidirectional unicode text with CSS animations. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5449)
- A flaw exists that is triggered during the parsing of base domains that contain 'javascript: URI'. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5450)
- A flaw exists that is triggered during the handling of a specially crafted 'onblur' event. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5451)
- A flaw exists that is triggered when selecting an HTML editable page element while the existing location bar has been scrolled out of view. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5452)
- A flaw exists in the RSS reader preview page that is triggered as input supplied via URL parameters is not properly sanitized. This may allow a context-dependent attacker to spoof the 'TITLE' element. (CVE-2017-5453)
- A flaw exists in the 'FileSystemSecurity::Forget()' function in 'FileSystemSecurity.cpp'. The issue is triggered as input containing path traversal style sequences (e.g. '../') is not properly sanitized when using the File Picker. This may allow a context-dependent attacker to bypass file system access protections and read arbitrary files from the local file system. (CVE-2017-5454)
- An unspecified flaw exists in the internal feed reader APIs that is triggered when handling messages. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2017-5455)
- A flaw exists in the Entries API that is triggered when using a file system request constructor through an IPC message. This may allow a context-dependent attacker to bypass the file system access protections and gain read and write access to the local file system. (CVE-2017-5456)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the program does not validate input when dragging and dropping a 'javascript: URL' into the address bar. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5458)
- An overflow condition exists in WebGL. The issue is triggered as certain input is not properly validated when handling web content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5459)
- A use-after-free error exists in frame selection that is triggered when handling a combination of malicious script content and key presses. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5460)
- An overflow condition exists in Base64 decoding. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-5461)
- A flaw exists in the DRBG number generation that is triggered as internal state V does not correctly carry bits over. This may result in potentially predictable random number generation. (CVE-2017-5462)
- A flaw exists that is triggered during the handling of a specially crafted URL with android intents. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5463)
- A flaw exists that is triggered as certain input is not properly validated when making changes to DOM content in the accessibility tree. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5464)
- An out-of-bounds read flaw exists in 'ConvolvePixel' that is triggered when processing specially crafted SVG content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5465)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling 'data:text/html' URL redirects before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5466)
- A flaw exists that is triggered as certain input is not properly validated when rendering Skia content outside of the bounds of a clipping region. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5467)
- A flaw exists in developer tools that is triggered as ownership models are incorrectly applied. This may allow a context-dependent attacker to cause a crash. (CVE-2017-5468)
- Multiple overflow conditions exist in the FLEX generated code. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5469)
- Multiple unspecified flaws exist that are triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5429, CVE-2017-5430)

Solution

Upgrade to Firefox version 53 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

https://www.mozilla.org/en-US/security/advisories/mfsa2017-11

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

Plugin Details

Severity: High

ID: 700065

Family: Web Clients

Published: 4/21/2017

Updated: 3/6/2019

Dependencies: 9131

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Patch Publication Date: 4/19/2017

Vulnerability Publication Date: 4/19/2017

Reference Information

CVE: CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5452, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5463, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469

BID: 97940