Mozilla Firefox < 62.0.3 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 700409
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 62.0.3 are unpatched for the following vulnerabilities as referenced in the mfsa2018-24 advisory:

- A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. (CVE-2018-12386)
- A vulnerability where the JavaScript JIT compiler inlines 'Array.prototype.push' with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. (CVE-2018-12387)

Solution

Upgrade to Firefox version 62.0.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-24

Plugin Details

Severity: High

ID: 700409

Family: Web Clients

Published: 2/7/2019

Updated: 3/6/2019

Dependencies: 9131

Nessus ID: 117921

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Patch Publication Date: 10/2/2018

Vulnerability Publication Date: 10/2/2018

Reference Information

CVE: CVE-2018-12386, CVE-2018-12387

BID: 105460