Mozilla Firefox < 23.0 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6978

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than version 23.0 are prone to the following vulnerabilities :

- Multiple memory-corruption vulnerabilities exist in the browser engine that could lead to arbitrary code execution. (CVE-2013-1701, CVE-2013-1702)
- A use-after-free vulnerability occurs when the Document Object Model is modified during a SetBody mutation event. (CVE-2013-1704)
- A use-after-free vulnerability occurs when generating a Certificate Request Message Format (CRMF) request with certain parameters. (CVE-2013-1705)
- Multiple stack-based buffer overflow vulnerabilities occur in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. (CVE-2013-1706, CVE-2013-1707)
- A denial-of-service vulnerability occurs when decoding of 'WAV' format audio files. (CVE-2013-1708)
- A cross-site scripting vulnerability affects the application. An attacker can exploit this issue through an interaction of frames and browser history. (CVE-2013-1709)
- A remote code execution and cross-site scripting vulnerability occurs when generating a Certificate Request Message Format (CRMF) request. (CVE-2013-1710)
- A cross-site scripting vulnerability occurs by bypassing XrayWrappers from within the Chrome on unprivileged objects, using XBL Scopes. (CVE-2013-1711)
- A privilege-escalation vulnerability occurs due to an error when using Mozilla Updater. An attacker can exploit this issue to load a specific malicious DLL file from the local system using the Mozilla Updater, and can able to execute the DLL in a privileged context through the Mozilla Maintenance Service's privileges. (CVE-2013-1712)
- A same-origin security-bypass vulnerability exists because wrong principal is used for validating URI for some Javascript components. (CVE-2013-1713)
- A same-origin security-bypass vulnerability occurs due to an error with web workers and XMLHttpRequest. (CVE-2013-1714)
- A DLL hijacking vulnerability occurs that leads to arbitrary code execution. This issue affects the Firefox Full installer and Stub installer. (CVE-2013-1715)
- An information-disclosure vulnerability occurs due to an unspecified error with Java applets. This issue leads to disclose contents of local file system when loaded using the a 'file:/// URI'. (CVE-2013-1717)

Solution

Upgrade to Firefox 23.0 or later.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-63.html

http://www.mozilla.org/security/announce/2013/mfsa2013-64.html

http://www.mozilla.org/security/announce/2013/mfsa2013-65.html

http://www.mozilla.org/security/announce/2013/mfsa2013-66.html

http://www.mozilla.org/security/announce/2013/mfsa2013-67.html

http://www.mozilla.org/security/announce/2013/mfsa2013-68.html

http://www.mozilla.org/security/announce/2013/mfsa2013-69.html

http://www.mozilla.org/security/announce/2013/mfsa2013-70.html

http://www.mozilla.org/security/announce/2013/mfsa2013-71.html

http://www.mozilla.org/security/announce/2013/mfsa2013-72.html

http://www.mozilla.org/security/announce/2013/mfsa2013-73.html

http://www.mozilla.org/security/announce/2013/mfsa2013-75.html

http://www.mozilla.org/security/announce/2013/mfsa2013-74.html

Plugin Details

Severity: High

ID: 6978

Family: Web Clients

Published: 8/8/2013

Updated: 3/6/2019

Nessus ID: 69234, 69269

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 8/6/2012

Vulnerability Publication Date: 8/6/2012

Exploitable With

Metasploit (Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1706, CVE-2013-1707, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1715, CVE-2013-1717

BID: 61864, 61867, 61869, 61871, 61872, 61873, 61874, 61875, 61876, 61877, 61878, 61882, 61883, 61896, 61900