Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities

critical Nessus Plugin ID 93661

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the HttpBaseChannel::GetPerformance() function in netwerk/protocol/http/HttpBaseChannel.cpp due to the program leaking potentially sensitive resources of URLs through the Resource Timing API during page navigation. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-5250)

- Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5257)

- An integer overflow condition exists in the WebSocketChannel::ProcessInput() function within file netwerk/protocol/websocket/WebSocketChannel.cpp when handling specially crafted WebSocketChannel packets due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5261)

- A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)

- A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)

- A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274)

- A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276)

- A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)

- A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)

- A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)

- A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)

- A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)

Solution

Upgrade to Mozilla Firefox ESR version 45.4 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/

Plugin Details

Severity: Critical

ID: 93661

File Name: mozilla_firefox_45_4_esr.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 9/22/2016

Updated: 11/14/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5281

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/20/2016

Vulnerability Publication Date: 5/31/2016

Reference Information

CVE: CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284

BID: 92260, 93049

MFSA: 2016-86