Mozilla Firefox < 38.0 / Firefox ESR < 31.7 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8865

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 38.0 (or Firefox ESR earlier than 31.7) are unpatched for the following vulnerabilities:

- A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (MFSA2015-57)
- An issue exists in the Mozilla updater in which DLL files in the current working directory or Windows temporary directories will be loaded, allowing the execution of arbitrary code. (CVE-2015-0833, CVE-2015-2720)
- Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708, CVE-2015-2709)
- A buffer overflow condition exists in 'SVGTextFrame.cpp' when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
- A security bypass vulnerability exists due to the referrer policy not being enforced in certain situations when opening links (e.g. using the context menu or a middle click of the mouse). A remote attacker can exploit this to bypass intended policy settings. (CVE-2015-2711)
- An out-of-bounds read and write issue exists in the 'CheckHeapLengthCondition()' function due to improper JavaScript validation of heap lengths. A remote attacker can exploit this, via a specially crafted web page, to disclose memory contents. (CVE-2015-2712)
- A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713)
- A use-after-free error exists in the 'RegisterCurrentThread()' function in 'nsThreadManager.cpp' due to a race condition related to media decoder threads created during the shutdown process. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2715)
- A buffer overflow condition exists in the 'XML_GetBuffer()' function in 'xmlparse.c' due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
- An integer overflow condition exists in the 'parseChunk()' function in 'MPEG4Extractor.cpp' due to improper handling of MP4 video metadata in chunks. A remote attacker can exploit this, via specially crafted media content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2717)
- A security bypass vulnerability exists in 'WebChannel.jsm' due to improper handling of message traffic. An untrusted page hosting a trusted page within an iframe can intercept webchannel responses for the trusted page. This allows a remote attacker, via a specially crafted web page, to bypass origin restrictions, resulting in the disclosure of sensitive information. (CVE-2015-2718)
- Multiple integer overflow conditions exist in the bundled libstagefright component due to improper validation of user-supplied input when processing MPEG4 sample metadata. A remote attacker can exploit this, via specially crafted media content, to execute arbitrary code. (CVE-2015-4496)

Solution

Upgrade to Firefox 38.0 or Firefox ESR version 31.7 or later.

See Also

https://www.mozilla.org/security/announce/2014/mfsa2015-46.html

https://www.mozilla.org/security/announce/2014/mfsa2015-48.html

https://www.mozilla.org/security/announce/2014/mfsa2015-49.html

https://www.mozilla.org/security/announce/2014/mfsa2015-50.html

https://www.mozilla.org/security/announce/2014/mfsa2015-51.html

https://www.mozilla.org/security/announce/2014/mfsa2015-52.html

https://www.mozilla.org/security/announce/2014/mfsa2015-53.html

https://www.mozilla.org/security/announce/2014/mfsa2015-54.html

https://www.mozilla.org/security/announce/2014/mfsa2015-55.html

https://www.mozilla.org/security/announce/2014/mfsa2015-56.html

https://www.mozilla.org/security/announce/2014/mfsa2015-57.html

https://www.mozilla.org/security/announce/2014/mfsa2015-58.html

https://www.mozilla.org/security/announce/2015/mfsa2015-93.html

Plugin Details

Severity: High

ID: 8865

Family: Web Clients

Published: 2015/09/16

Modified: 2018/09/16

Dependencies: 9131

Nessus ID: 83439

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:ND/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2015/05/21

Vulnerability Publication Date: 2015/05/21

Reference Information

CVE: CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711, CVE-2015-2712, CVE-2015-2713, CVE-2015-2714, CVE-2015-2715, CVE-2015-2716, CVE-2015-2717, CVE-2015-2718, CVE-2015-2720, CVE-2015-4496

BID: 74611, 74615, 76333