Mozilla Firefox < 37.0 / Firefox ESR < 31.6 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8742
SynopsisThe remote host has a web browser installed that is vulnerable to multiple attack vectors.
DescriptionVersions of Mozilla Firefox earlier than 37.0 (or ESR version 31.6) are unpatched for the following vulnerabilities :
- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox 36.0.4. (CVE-2015-0801)
- Multiple type confusion issues exist that can lead to use-after-free errors, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0803, CVE-2015-0804)
- Multiple memory corruption issues exist related to off-main-thread compositing when rendering 2D graphics, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0805, CVE-2015-0806)
- A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
- An issue exists in WebRTC related to memory management for simple-style arrays, which may be used by a remote attacker to cause a denial of service. (CVE-2015-0808)
- An issue exists that allows a remote attacker to make the user's cursor invisible, possibly resulting in a successful clickjacking attack. Only OS X installations of Firefox are affected. (CVE-2015-0810)
- An out-of-bounds read issue exists in the QCMS color management library that could lead to an information disclosure. (CVE-2015-0811)
- An issue exists that can allow a man-in-the-middle attacker to bypass user-confirmation and install a Firefox lightweight theme by spoofing a Mozilla sub-domain. (CVE-2015-0812)
- A use-after-free vulnerability affects the AppendElements() function when the Fluendo MP3 plugin for GStreamer is used. A remote attacker could exploit this to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted MP3 file. (CVE-2015-0813)
- Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code. (CVE-2015-0814, CVE-2015-0815)
SolutionUpgrade to Firefox 37.0 (or Firefox ESR version 31.6, as appropriate), or later.