Mozilla Firefox < 62.0 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 700407

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 62.0 are unpatched for the following vulnerabilities as referenced in the mfsa2018-20 advisory:

- Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using "file: URI", bypassing configured proxy settings. (CVE-2017-16541)
- Evidence of memory corruption exists that could be exploited to run arbitrary code. (CVE-2018-12375, CVE-2018-12376)
- A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. (CVE-2018-12377)
- A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. (CVE-2018-12378)
- When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. (CVE-2018-12379)
- Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the mail columns are incorrectly interpreted as a URL. (CVE-2018-12381)
- The displayed addressbar URL can be spoofed on Firefox for Android using 'javascript: URI' in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. (CVE-2018-12382)
- If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. (CVE-2018-12383)

Solution

Upgrade to Firefox version 62.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20

Plugin Details

Severity: High

ID: 700407

Family: Web Clients

Published: 2019/02/06

Updated: 2019/03/06

Dependencies: 9131

Nessus ID: 117294

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2018/09/05

Vulnerability Publication Date: 2018/09/05

Reference Information

CVE: CVE-2017-16541, CVE-2018-12375, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12382, CVE-2018-12383

BID: 101665