Mozilla Firefox < 57.0.4 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 700325

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 57.0.4 are unpatched for the following vulnerabilities:

- A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during conditional branches handling out-of-bounds checks. Using a vulnerable code pattern, or a JIT engine or interpreter to generate such a pattern, an attacker can perform a Flush+Reload or Evict+Reload side-channel attack on the cache and disclose parts of the privileged kernel memory. (CVE-2017-5753)
- A flaw exists in the fundamental design related to out-of-order process execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached before exceptions are raised for restricted memory access. Using transient instructions in combination with a Flush+Reload side-channel attack, a local attacker can disclose parts of the privileged kernel memory. (CVE-2017-5754)
- A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during indirect branch prediction. This may allow a local attacker to train the Branch Target Buffer (BTB) to trigger a false prediction to a specially crafted memory location, causing speculative execution of a crafted gadget and the caching of arbitrary memory. Using a side-channel attack on the cache, the attacker can disclose parts of the privileged kernel memory. (CVE-2017-5754)

Solution

Upgrade to Firefox version 57.0.4 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01

https://spectreattack.com

Plugin Details

Severity: Medium

ID: 700325

Family: Web Clients

Published: 2018/08/21

Updated: 2019/03/06

Dependencies: 9131

Nessus ID: 105616

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.7

Temporal Score: 3.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 5

Temporal Score: 4.6

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2018/01/02

Vulnerability Publication Date: 2018/01/02

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

BID: 102371, 102376