
Mozilla Firefox < 41.0 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The version of Mozilla Firefox is prior to 41.0 and is affected by multiple vulnerabilities:

- A flaw exists in ReadbackResultWriterD3D11::Run(). The issue is triggered as user-supplied input is not properly validated when handling return statuses. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-7180)
- A flaw exists in InitTextures(). The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-7117)
- An overflow condition exists in AnimationThread(). The issue is triggered as user-supplied input is not properly validated when handling sscanf arguments. This may allow a context-dependent attacker to cause a stack overflow, resulting in an unspecified impact. (CVE-2015-7176)
- An overflow condition exists in XULContentSinkImpl::AddText(). The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact. (CVE-2015-7175)
- An overflow condition exists in the nsAttrAndChildArray::GrowBy() function in 'dom/base/nsAttrAndChildArray.cpp'. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2015-7174)
- An overflow condition exists in the nsUnicode*::GetMaxLength() functions that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2015-4522)
- A flaw exists in ConvertDialogOptions(). The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-4521)
- A flaw exists in NetworkUtils.cpp. The issue is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to corrupt memory and have an unspecified impact. (CVE-2015-4517)
- An out-of-bounds read flaw exists in 'gfx/2d/DataSurfaceHelpers.cpp' that is triggered during the rendering of 2D canvases. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (CVE-2015-4512)
- A flaw exists that is triggered when identical cache keys may be generated for distinct preflight requests on a site. This may potentially allow a subsequent request to bypass intended cross-origin resource sharing (CORS) checks. (CVE-2015-4520)
- A flaw exists that is triggered when handling images that have been "dragged and dropped" after a redirect. The redirected URL of the image may be available to scripts, potentially allowing a context-dependent attacker to gain unauthorized access to it. (CVE-2015-4519)
- A use-after-free error exists in 'dom/html/HTMLMediaElement.cpp' that is triggered during the handling of HTML media elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-4509)
- nestegg contains an overflow condition. The issue is triggered as user-supplied input is not properly validated when decoding WebM videos. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2015-4511)
- A flaw related to scratch register scope handling exists. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists in the cloneLeftHandSide() function in 'frontend/ParseNode.cpp' that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists in 'memory/mozjemalloc/jemalloc.c' that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists in the stagefright component that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists that is triggered when handling generator function groups, as they have an improper prototype. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists in the nsXBLService::GetBinding() function in 'dom/xbl/nsXBLService.cpp' that is triggered when loading bindings. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A flaw exists in the IndexedDB component that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2015-4500)
- A use-after-free error exists in 'nsIPresShell' that is triggered when handling a restyling operation during the resizing of a canvas element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2015-4497)
- A flaw exists that is triggered when handling add-on installation using 'data:' URLs. With a specially crafted web page, a context-dependent attacker can bypass the install permission prompt for add-ons and install add-ons from malicious sources. (CVE-2015-4498)

Solution

Upgrade to Firefox 41.0 or later.