Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9485

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR less than or equal to 45.2 are unpatched for the following vulnerabilities :

- A flaw exists due to the program failing to close connections after requesting favicons. This may allow a context-dependent attacker to continue to send requests to the user's browser and gain access to potentially sensitive information.
- A flaw exists in 'js/src/frontend/Parser.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists in the 'js::array_splice_impl()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists that is triggered as certain unspecified user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists in the 'OSXNotificationCenter::ShowAlertWithIconData()' function in 'widget/cocoa/OSXNotificationCenter.mm' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A use-after-free condition exists in 'dom/media/GraphDriver.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A flaw exists in the 'Http2Session::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/Http2Session.cpp' and 'SpdySession31::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/SpdySession31.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- An overflow condition exists in the 'ClearKeyDecryptor::Decrypt()' function in 'media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp' used by the Encrypted Media Extensions (EME) API. The issue is triggered as user-supplied input is not properly validated when handling video files. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-2837)
- A use-after-free error exists in the 'nsXULPopupManager::KeyDown()' function in 'layout/xul/nsXULPopupManager.cpp'. The issue is triggered when using the alt key in conjunction with top level menu items in Firefox. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.(CVE-2016-5254)
- A use-after-free error exists in 'WebRTC'. The issue is triggered when handling 'DTLS' objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5258)
- A flaw exists that is due to event handler attributes on a 'marquee' tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. This may allow a context-dependent attacker to bypass XSS protection mechanisms. (CVE-2016-5262)
- A use-after-free error exists in the 'nsNodeUtils::NativeAnonymousChildListChange()' function. The issue is triggered when applying effects to SVG element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5264)

Solution

Upgrade to Firefox ESR version 45.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-62

https://www.mozilla.org/en-US/security/advisories/mfsa2016-63

https://www.mozilla.org/en-US/security/advisories/mfsa2016-64

https://www.mozilla.org/en-US/security/advisories/mfsa2016-67

https://www.mozilla.org/en-US/security/advisories/mfsa2016-68

https://www.mozilla.org/en-US/security/advisories/mfsa2016-70

https://www.mozilla.org/en-US/security/advisories/mfsa2016-72

https://www.mozilla.org/en-US/security/advisories/mfsa2016-73

https://www.mozilla.org/en-US/security/advisories/mfsa2016-76

https://www.mozilla.org/en-US/security/advisories/mfsa2016-77

https://www.mozilla.org/en-US/security/advisories/mfsa2016-78

https://www.mozilla.org/en-US/security/advisories/mfsa2016-79

https://www.mozilla.org/en-US/security/advisories/mfsa2016-80

Plugin Details

Severity: High

ID: 9485

Family: Web Clients

Published: 2016/08/26

Updated: 2019/03/06

Dependencies: 9131

Nessus ID: 92754

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 6.2

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2016/08/02

Vulnerability Publication Date: 2016/07/21

Reference Information

CVE: CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-5254, CVE-2016-5258, CVE-2016-5262, CVE-2016-5264

BID: 92258, 92261