Mozilla Firefox < 62.0 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700407
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 62.0 are unpatched for the following vulnerabilities as referenced in the mfsa2018-20 advisory:

- Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using "file: URI", bypassing configured proxy settings. (CVE-2017-16541)
- Evidence of memory corruption exists that could be exploited to run arbitrary code. (CVE-2018-12375, CVE-2018-12376)
- A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. (CVE-2018-12377)
- A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. (CVE-2018-12378)
- When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. (CVE-2018-12379)
- Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the mail columns are incorrectly interpreted as a URL. (CVE-2018-12381)
- The displayed addressbar URL can be spoofed on Firefox for Android using 'javascript: URI' in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. (CVE-2018-12382)
- If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. (CVE-2018-12383)

Solution

Upgrade to Firefox version 62.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20

Plugin Details

Severity: Critical

ID: 700407

Family: Web Clients

Published: 2/6/2019

Updated: 3/6/2019

Dependencies: 9131

Nessus ID: 117294

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Patch Publication Date: 9/5/2018

Vulnerability Publication Date: 9/5/2018

Reference Information

CVE: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12383, CVE-2018-12375, CVE-2018-12382

BID: 101665