Mozilla Firefox < 47.0 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9383
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 47.0 are unpatched for the following vulnerabilities :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
- An overflow condition exists that is triggered when handling HTML5 fragments in foreign contexts (e.g., under <svg> nodes). An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2016-2819)
- A use-after-free error exists that is triggered when deleting DOM table elements in 'contenteditable' mode. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2821)
- A spoofing vulnerability exists due to improper handling of SELECT elements. An unauthenticated, remote attacker can exploit this to spoof the contents of the address bar. (CVE-2016-2822)
- A same-origin bypass vulnerability exists that is triggered when handling 'location.host' property values set after the creation of invalid 'data:' URIs. An unauthenticated, remote attacker can exploit this to partially bypass same-origin policy protections. (CVE-2016-2825)
- A use-after-free error exists that is triggered when destroying the recycle pool of a texture used during the processing of WebGL content. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2828)
- A flaw exists in 'browser/modules/webrtcUI.jsm' that is triggered when handling a large number of permission requests over a small period of time. An unauthenticated, remote attacker can exploit this to cause the incorrect icon to be displayed in a given permission request, potentially resulting in a user approving unintended permission requests. (CVE-2016-2829)
- A flaw exists that is triggered when handling paired fullscreen and pointerlock requests in combination with closing windows. An unauthenticated, remote attacker can exploit this to create an unauthorized pointerlock, resulting in a denial of service condition. Additionally, an attacker can exploit this to conduct spoofing and clickjacking attacks. (CVE-2016-2831)
- An information disclosure vulnerability exists that is triggered when handling CSS pseudo-classes. An unauthenticated, remote attacker can exploit this disclose a list of installed plugins. (CVE-2016-2832)
- A Content Security Policy (CSP) bypass exists that is triggered when handling specially crafted cross-domain Java applets. An unauthenticated, remote attacker can exploit this to bypass the CSP and conduct cross-site scripting attacks. (CVE-2016-2833)
- Multiple unspecified flaws exist in the Mozilla Network Security Services (NSS) component that allow an attacker to have an unspecified impact. (CVE-2016-2834)

Solution

Upgrade to Firefox version 47.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-49

https://www.mozilla.org/en-US/security/advisories/mfsa2016-50

https://www.mozilla.org/en-US/security/advisories/mfsa2016-51

https://www.mozilla.org/en-US/security/advisories/mfsa2016-52

https://www.mozilla.org/en-US/security/advisories/mfsa2016-56

https://www.mozilla.org/en-US/security/advisories/mfsa2016-58

https://www.mozilla.org/en-US/security/advisories/mfsa2016-54

https://www.mozilla.org/en-US/security/advisories/mfsa2016-57

https://www.mozilla.org/en-US/security/advisories/mfsa2016-59

https://www.mozilla.org/en-US/security/advisories/mfsa2016-60

https://www.mozilla.org/en-US/security/advisories/mfsa2016-61

Plugin Details

Severity: High

ID: 9383

Family: Web Clients

Published: 6/24/2016

Updated: 3/6/2019

Dependencies: 9131

Nessus ID: 91545, 91547

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Patch Publication Date: 6/7/2016

Vulnerability Publication Date: 5/5/2016

Reference Information

CVE: CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2828, CVE-2016-2831, CVE-2016-2834, CVE-2016-2825, CVE-2016-2829, CVE-2016-2832, CVE-2016-2833, CVE-2016-2826

BID: 91072, 91074, 91075