RHEL 7 : firefox (RHSA-2017:1106)

critical Nessus Plugin ID 99572

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:1106 advisory.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Grgoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2017:1106.

See Also

http://www.nessus.org/u?8d35f704

https://access.redhat.com/errata/RHSA-2017:1106

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=1443297

https://bugzilla.redhat.com/show_bug.cgi?id=1443298

https://bugzilla.redhat.com/show_bug.cgi?id=1443299

https://bugzilla.redhat.com/show_bug.cgi?id=1443301

https://bugzilla.redhat.com/show_bug.cgi?id=1443303

https://bugzilla.redhat.com/show_bug.cgi?id=1443304

https://bugzilla.redhat.com/show_bug.cgi?id=1443305

https://bugzilla.redhat.com/show_bug.cgi?id=1443307

https://bugzilla.redhat.com/show_bug.cgi?id=1443308

https://bugzilla.redhat.com/show_bug.cgi?id=1443310

https://bugzilla.redhat.com/show_bug.cgi?id=1443311

https://bugzilla.redhat.com/show_bug.cgi?id=1443312

https://bugzilla.redhat.com/show_bug.cgi?id=1443313

https://bugzilla.redhat.com/show_bug.cgi?id=1443314

https://bugzilla.redhat.com/show_bug.cgi?id=1443315

https://bugzilla.redhat.com/show_bug.cgi?id=1443317

https://bugzilla.redhat.com/show_bug.cgi?id=1443322

https://bugzilla.redhat.com/show_bug.cgi?id=1443323

https://bugzilla.redhat.com/show_bug.cgi?id=1443324

https://bugzilla.redhat.com/show_bug.cgi?id=1443325

https://bugzilla.redhat.com/show_bug.cgi?id=1443326

https://bugzilla.redhat.com/show_bug.cgi?id=1443327

https://bugzilla.redhat.com/show_bug.cgi?id=1443328

https://bugzilla.redhat.com/show_bug.cgi?id=1443329

https://bugzilla.redhat.com/show_bug.cgi?id=1443330

https://bugzilla.redhat.com/show_bug.cgi?id=1443331

https://bugzilla.redhat.com/show_bug.cgi?id=1443332

https://bugzilla.redhat.com/show_bug.cgi?id=1443333

https://bugzilla.redhat.com/show_bug.cgi?id=1443334

https://bugzilla.redhat.com/show_bug.cgi?id=1443338

https://bugzilla.redhat.com/show_bug.cgi?id=1443340

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

Plugin Details

Severity: Critical

ID: 99572

File Name: redhat-RHSA-2017-1106.nasl

Version: 3.19

Type: local

Agent: unix

Published: 4/21/2017

Updated: 3/21/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5469

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:firefox, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2017

Vulnerability Publication Date: 3/15/2017

Reference Information

CVE: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469

CWE: 121, 125

RHSA: 2017:1106