SynopsisThe remote host has a web browser installed that is vulnerable to multiple attack vectors.
DescriptionVersions of Mozilla Firefox prior to 62.0 are unpatched for the following vulnerabilities as referenced in the mfsa2018-20 advisory:
- Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using "file: URI", bypassing configured proxy settings. (CVE-2017-16541)
- Evidence of memory corruption exists that could be exploited to run arbitrary code. (CVE-2018-12375, CVE-2018-12376)
- A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. (CVE-2018-12377)
- When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. (CVE-2018-12379)
- Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the mail columns are incorrectly interpreted as a URL. (CVE-2018-12381)
- If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. (CVE-2018-12383)
SolutionUpgrade to Firefox version 62.0 or later.