Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 700066

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 52.1 are unpatched for the following vulnerabilities :

- A use-after-free error exists that is related to certain text input selections. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5432)
- A use-after-free error exists in the SMIL animation functions. The issue is triggered when handling animation elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5433)
- A use-after-free error exists that is triggered when redirecting focus handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5434)
- A use-after-free error exists that is triggered when processing transactions in the editor during design mode interactions. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5435)
- A use-after-free error exists in the 'nsAutoPtr()' function that is triggered during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5438)
- A use-after-free error exists in the 'Length()' function in 'nsTArray' that is triggered when handling template parameters during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5439)
- A use-after-free error exists in the 'txExecutionState' destructor that is triggered during the processing of XSLT content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5440)
- A use-after-free error exists that is triggered when holding a selection during scroll events. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5441)
- A use-after-free error exists that is triggered when changing styles in DOM elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5442)
- An out-of-bounds write flaw exists that is triggered during the decoding of improperly formed BinHex format archives. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5443)
- An overflow condition exists that is triggered as certain input is not properly validated when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5444)
- An out-of-bounds read flaw exists that is triggered when handling 'HTTP/2 DATA' connections that send DATA frames with incorrect data content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5446)
- An out-of-bounds read flaw exists that is triggered when processing glyph widths during text layouts. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5447)
- An out-of-bounds write flaw exists in the 'ClearKeyDecryptor::Decrypt()' function in 'ClearKeyDecryptionManager.cpp' that is triggered when decrypting Clearkey-encrypted media content. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5448)
- An overflow condition exists in WebGL. The issue is triggered as certain input is not properly validated when handling web content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5459)
- A use-after-free error exists in frame selection that is triggered when handling a combination of malicious script content and key presses. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5460)
- An overflow condition exists in Base64 decoding. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-5461)
- A flaw in the DRBG number generation exists that is triggered as internal state V does not correctly carry bits over. This may result in potentially predictable random number generation. (CVE-2017-5462)
- A flaw exists that is triggered as certain input is not properly validated when making changes to DOM content in the accessibility tree. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5464)
- An out-of-bounds read flaw exists in 'ConvolvePixel' that is triggered when processing specially crafted SVG content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5465)
- Multiple overflow conditions exist in the FLEX generated code. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5469)
- Multiple unspecified flaws exist that are triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5429 ,CVE-2017-5430)

Solution

Upgrade to Firefox version 52.1 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

https://www.mozilla.org/en-US/security/advisories/mfsa2017-11

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

Plugin Details

Severity: High

ID: 700066

Family: Web Clients

Published: 2017/04/21

Updated: 2019/03/06

Dependencies: 9131

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2017/04/19

Vulnerability Publication Date: 2017/04/19

Reference Information

CVE: CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469

BID: 97940