Firefox ESR < 38.3 Multiple Vulnerabilities

high Nessus Plugin ID 86070

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox ESR installed on the remote Windows host is prior to 38.3. It is, therefore, affected by the following vulnerabilities:

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500)

- Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501)

- A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505)

- A buffer overflow condition exists in the libvpx component when parsing VP9 format video. A remote attacker can exploit this, via a specially crafted VP9 format video, to execute arbitrary code. (CVE-2015-4506)

- A use-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509)

- A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511)

- A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517)

- An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519)

- Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520)

- A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521)

- An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522)

- An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174)

- An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175)

- A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176)

- A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177)

- An out-of-bounds memory error exists in the linkAttributes() function when manipulating shaders. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7178)

- An overflow condition exists in the reserveVertexSpace() function due to an insufficient allocation of memory for a shader attribute array. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7179)

- A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)

Solution

Upgrade to Firefox ESR 38.3 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/

Plugin Details

Severity: High

ID: 86070

File Name: mozilla_firefox_38_3_esr.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 9/22/2015

Updated: 11/20/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-7180

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/22/2015

Vulnerability Publication Date: 9/22/2015

Reference Information

CVE: CVE-2015-4500, CVE-2015-4501, CVE-2015-4505, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7178, CVE-2015-7179, CVE-2015-7180