Synopsis
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Description
Versions of Mozilla Firefox ESR less than or equal to 45.2 are unpatched for the following vulnerabilities:
- A flaw exists due to the program failing to close connections after requesting favicons. This may allow a context-dependent attacker to continue to send requests to the user's browser and gain access to potentially sensitive information.
- A flaw exists in 'js/src/frontend/Parser.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists in the 'js::array_splice_impl()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists that is triggered as certain unspecified user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists in the 'OSXNotificationCenter::ShowAlertWithIconData()' function in 'widget/cocoa/OSXNotificationCenter.mm' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A use-after-free condition exists in 'dom/media/GraphDriver.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- A flaw exists in the 'Http2Session::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/Http2Session.cpp' and the 'SpdySession31::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/SpdySession31.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- An overflow condition exists in the 'ClearKeyDecryptor::Decrypt()' function in 'media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp' used by the Encrypted Media Extensions (EME) API. The issue is triggered as user-supplied input is not properly validated when handling video files. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-2837)
- A use-after-free error exists in the 'nsXULPopupManager::KeyDown()' function in 'layout/xul/nsXULPopupManager.cpp'. The issue is triggered when using the alt key in conjunction with top level menu items in Firefox. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5254)
- A use-after-free error exists in 'WebRTC'. The issue is triggered when handling 'DTLS' objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5258)
- A flaw exists that is due to event handler attributes on a 'marquee' tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. This may allow a context-dependent attacker to bypass XSS protection mechanisms. (CVE-2016-5262)
- A use-after-free error exists in the 'nsNodeUtils::NativeAnonymousChildListChange()' function. The issue is triggered when applying effects to an SVG element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5264)
Solution
Upgrade to Firefox ESR version 45.3 or later.
Plugin Details
Nessus ID: 92754
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Patch Publication Date: 8/2/2016
Vulnerability Publication Date: 7/21/2016