Mozilla Firefox ESR < 60.0.2 RCE
High Nessus Network Monitor Plugin ID 700340
Synopsis
The remote host has a web browser installed that is vulnerable to a Remote Code Execution (RCE) attack vector.
Description
Versions of Mozilla Firefox ESR earlier than 60.0.2 are unpatched for the following vulnerabilities:
- An overflow condition exists in the 'SkScan::FillPath()' function in 'core/SkScan_Path.cpp' that is triggered as certain input is not properly validated when drawing paths with anti-aliasing turned off. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service in a process linked against the library or potentially allowing the execution of arbitrary code.
Solution
Upgrade to Firefox ESR version 60.0.2 or later.
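An added example, not part of the plugin or of Nessus, that applies the version condition above to a constructed inventory of hosts. It assumes Firefox reports its ESR builds as strings such as "60.0.1esr"; the hostnames and versions are made up.

```python
import re

# First Firefox ESR version that carries the fix for the SkScan::FillPath()
# heap overflow, as stated in the advisory.
FIXED_ESR_VERSION = (60, 0, 2)


def parse_esr_version(version: str) -> tuple:
    """Turn a Firefox ESR version string such as '60.0.1esr' into a numeric tuple.

    The 'esr' suffix that ESR builds append is stripped and each component is
    compared numerically, so '60.0.10esr' sorts after '60.0.2esr' (a plain
    string comparison would wrongly flag 60.0.10 as vulnerable).
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version string: {version!r}")
    major, minor, patch = (int(x) if x else 0 for x in m.groups()[:3])
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True when the installed ESR version is earlier than 60.0.2 (the plugin's condition)."""
    return parse_esr_version(version) < FIXED_ESR_VERSION


def check_inventory(hosts: dict) -> list:
    """Given {hostname: version}, return the sorted hostnames still needing the upgrade."""
    return sorted(host for host, ver in hosts.items() if is_vulnerable(ver))


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not from the advisory.
    inventory = {
        "ws-01.example.test": "60.0.1esr",
        "ws-02.example.test": "60.0.2esr",
        "ws-03.example.test": "52.9.0esr",
        "ws-04.example.test": "60.0.10esr",
    }
    for host in check_inventory(inventory):
        print(f"{host}: Firefox ESR {inventory[host]} is below 60.0.2, upgrade required")
```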