Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox ESR installed on the remote Windows host is prior to 38.4. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-4513, CVE-2015-4514)
- An unspecified use-after-poison flaw exists in the sec_asn1d_parse_leaf() function in Mozilla Network Security Services (NSS) due to improper restriction of access to an unspecified data structure. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7181)
- A heap buffer overflow condition exists in the ASN.1 decoder in Mozilla Network Security Services (NSS) due to improper validation of user-supplied input. A remote attacker can exploit this, via crafted OCTET STRING data, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7182)
- An integer overflow condition exists in the PL_ARENA_ALLOCATE macro in the Netscape Portable Runtime (NSPR) due to improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7183)
- A same-origin bypass vulnerability exists due to improper handling of trailing whitespaces in the IP address hostname. A remote attacker can exploit this, by appending whitespace characters to an IP address string, to bypass the same-origin policy and conduct a cross-site scripting attack. (CVE-2015-7188)
- A race condition exists in the JPEGEncoder() function due to improper validation of user-supplied input when handling canvas elements. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-7189)
- A cross-origin resource sharing (CORS) request bypass vulnerability exists due to improper implementation of the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation. A remote attacker can exploit this to perform a simple request instead of a 'preflight' request. (CVE-2015-7193)
- A buffer underflow condition exists in libjar due to improper validation of user-supplied input when handling ZIP archives. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7194)
- A memory corruption issue exists in the _releaseobject() function in dom/plugins/base/nsNPAPIPlugin.cpp due to improper deallocation of JavaScript wrappers. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-7196)
- A security bypass vulnerability exists due to improperly controlling the ability of a web worker to create a WebSocket object in the WebSocketImpl::Init() method.
A remote attacker can exploit this to bypass intended mixed-content restrictions. (CVE-2015-7197)
- A buffer overflow condition exists in TextureStorage11 in ANGLE due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-7198)
- A flaw exists in the AddWeightedPathSegLists() function due to missing return value checks during SVG rendering.
A remote attacker can exploit this, via a crafted SVG document, to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-7199)
- A flaw exists in the CryptoKey interface implementation due to missing status checks. A remote attacker can exploit this to make changes to cryptographic keys and execute arbitrary code. (CVE-2015-7200)
Solution
Upgrade to Firefox ESR 38.4 or later.
Plugin Details
File Name: mozilla_firefox_38_4_esr.nasl
Agent: windows
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Required KB Items: Mozilla/Firefox/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 11/3/2015
Vulnerability Publication Date: 11/3/2015
Reference Information
CVE: CVE-2015-4513, CVE-2015-4514, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
BID: 77415, 77416