Pale Moon < 24.3.2 Unspecified Security Vulnerability

high Nessus Network Monitor Plugin ID 8123

Synopsis

The remote host was detected running an outdated version of Pale Moon.

Description

Versions of Pale Moon browser earlier than 24.3.2 are outdated and thus unpatched for a buffer overflow. A flaw exists in the function 'cairo_dwrite_load_truetype_table()' in 'cairo-dwrite-font.cpp' that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to trigger a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to Pale Moon browser version 24.3.2, or later.

See Also

http://www.palemoon.org/releasenotes-ng.shtml

https://bugzilla.mozilla.org/show_bug.cgi?id=966021

Plugin Details

Severity: High

ID: 8123

Family: Web Clients

Published: 2/14/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:palemoon:pale_moon

Patch Publication Date: 2/11/2014

Vulnerability Publication Date: 2/11/2014

Reference Information

CVE: CVE-2014-1509

BID: 65512