Mozilla Firefox ESR < 52.8.1 RCE
Severity: High
Nessus Network Monitor Plugin ID 700338
Synopsis
The remote host has a web browser installed that is vulnerable to remote code execution (RCE).
Description
Versions of Mozilla Firefox ESR earlier than 52.8.1 are unpatched for an overflow condition in the 'SkScan::FillPath()' function in 'core/SkScan_Path.cpp'. The overflow is triggered because certain input is not properly validated when drawing paths with anti-aliasing turned off. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
Solution
Upgrade to Firefox ESR version 52.8.1 or later.