Mozilla Firefox ESR < 52.7.2 RCE
High Nessus Network Monitor Plugin ID 700336
Synopsis
The remote host has a web browser installed that is vulnerable to a Remote Code Execution (RCE) attack vector.
Description
Versions of Mozilla Firefox ESR earlier than 52.7.2 are unpatched for an out-of-bounds write flaw in the 'vorbis_book_decodevs_add()', 'vorbis_book_decodev_add()', and 'vorbis_book_decodevv_add()' functions in 'codebook.c' that is triggered when decoding codebooks from Vorbis audio data. This may allow a context-dependent attacker to corrupt memory and execute arbitrary code.
Solution
Upgrade to Firefox ESR version 52.7.2 or later.