Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700066
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 52.1 are unpatched for the following vulnerabilities :

- A use-after-free error exists that is related to certain text input selections. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5432)
- A use-after-free error exists in the SMIL animation functions. The issue is triggered when handling animation elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5433)
- A use-after-free error exists that is triggered when redirecting focus handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5434)
- A use-after-free error exists that is triggered when processing transactions in the editor during design mode interactions. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5435)
- A use-after-free error exists in the 'nsAutoPtr()' function that is triggered during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5438)
- A use-after-free error exists in the 'Length()' function in 'nsTArray' that is triggered when handling template parameters during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5439)
- A use-after-free error exists in the 'txExecutionState' destructor that is triggered during the processing of XSLT content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5440)
- A use-after-free error exists that is triggered when holding a selection during scroll events. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5441)
- A use-after-free error exists that is triggered when changing styles in DOM elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5442)
- An out-of-bounds write flaw exists that is triggered during the decoding of improperly formed BinHex format archives. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5443)
- An overflow condition exists that is triggered as certain input is not properly validated when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5444)
- An out-of-bounds read flaw exists that is triggered when handling 'HTTP/2 DATA' connections that send DATA frames with incorrect data content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5446)
- An out-of-bounds read flaw exists that is triggered when processing glyph widths during text layouts. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5447)
- An out-of-bounds write flaw exists in the 'ClearKeyDecryptor::Decrypt()' function in 'ClearKeyDecryptionManager.cpp' that is triggered when decrypting Clearkey-encrypted media content. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5448)
- An overflow condition exists in WebGL. The issue is triggered as certain input is not properly validated when handling web content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5459)
- A use-after-free error exists in frame selection that is triggered when handling a combination of malicious script content and key presses. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5460)
- An overflow condition exists in Base64 decoding. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-5461)
- A flaw in the DRBG number generation exists that is triggered as internal state V does not correctly carry bits over. This may result in potentially predictable random number generation. (CVE-2017-5462)
- A flaw exists that is triggered as certain input is not properly validated when making changes to DOM content in the accessibility tree. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5464)
- An out-of-bounds read flaw exists in 'ConvolvePixel' that is triggered when processing specially crafted SVG content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5465)
- Multiple overflow conditions exist in the FLEX generated code. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5469)
- Multiple unspecified flaws exist that are triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5429 ,CVE-2017-5430)

Solution

Upgrade to Firefox version 52.1 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

https://www.mozilla.org/en-US/security/advisories/mfsa2017-11

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

Plugin Details

Severity: High

ID: 700066

Family: Web Clients

Published: 4/21/2017

Updated: 11/6/2019

Dependencies: 9131

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Patch Publication Date: 4/19/2017

Vulnerability Publication Date: 4/19/2017

Reference Information

CVE: CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2017-5430

BID: 97940