Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 700333
Synopsis
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Description
Versions of Mozilla Firefox ESR earlier than 52.5.2 are affected by the following vulnerabilities:
- A flaw exists in the 'FactoryOp::CheckPermission()' function in 'dom/indexedDB/ActorsParent.cpp' that allows a web worker to write to IndexedDB in Private Browsing mode. With a specially crafted web page, a context-dependent attacker can uniquely fingerprint a user even when the user is browsing in Private Browsing mode. (CVE-2017-7843)
- An overflow condition exists because certain input is not properly validated when drawing and validating elements using Direct3D 9 with the ANGLE graphics library. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2017-7845)
Solution
Upgrade to Firefox ESR version 52.5.2 or later.