Detections
Analytics
Firefox ESR 45.x < 45.2 Multiple Vulnerabilities
high Nessus Plugin ID 91546
Language:
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.Description
The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.2. It is, therefore, affected by multiple vulnerabilities :- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2818)
- An overflow condition exists that is triggered when handling HTML5 fragments in foreign contexts (e.g., under <svg> nodes). An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
(CVE-2016-2819)
- A use-after-free error exists that is triggered when deleting DOM table elements in 'contenteditable' mode.
An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2821)
- A spoofing vulnerability exists due to improper handling of SELECT elements. An unauthenticated, remote attacker can exploit this to spoof the contents of the address bar. (CVE-2016-2822)
- An out-of-bounds write error exists in the ANGLE graphics library due to improper size checking while writing to an array during WebGL shader operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-2824)
- A privilege escalation vulnerability exists in the Windows updater utility due to improper extraction of files from MAR archives. A local attacker can exploit this to replace the extracted files, allowing the attacker to gain elevated privileges. (CVE-2016-2826)
- A use-after-free error exists that is triggered when destroying the recycle pool of a texture used during the processing of WebGL content. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-2828)
- A flaw exists that is triggered when handling paired fullscreen and pointerlock requests in combination with closing windows. An unauthenticated, remote attacker can exploit this to create an unauthorized pointerlock, resulting in a denial of service condition.
Additionally, an attacker can exploit this to conduct spoofing and clickjacking attacks. (CVE-2016-2831)
Solution
Upgrade to Firefox ESR version 45.2 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
Plugin Details
Severity: High
ID: 91546
File Name: mozilla_firefox_45_2_esr.nasl
Version: 1.9
Type: local
Agent: windows
Family: Windows
Published: 6/9/2016
Updated: 11/19/2019
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2016-2826
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Required KB Items: Mozilla/Firefox/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/7/2016
Vulnerability Publication Date: 6/7/2016
Reference Information
CVE: CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2826, CVE-2016-2828, CVE-2016-2831
MFSA: 2016-49, 2016-50, 2016-51, 2016-52, 2016-53, 2016-55, 2016-56, 2016-58