Mozilla Firefox < 59.0.1 Multiple RCE
High Nessus Network Monitor Plugin ID 700329
SynopsisThe remote host has a web browser installed that is vulnerable to multiple Remote Code Execution (RCE) attack vectors.
DescriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 59.0.1. It is, therefore, affected by multiple code execution vulnerabilities. A out-of-bounds write flaw exists in multiple functions of the codebook.c script when decoding Vorbis audio data. A context-dependent attacker could corrupt memory and potentially execute arbitrary code. (CVE-2018-5146, CVE-2018-5147)
SolutionUpgrade to Firefox version 59.0.1 or later.