Mozilla Firefox < 57.0.2 RCE

high Nessus Network Monitor Plugin ID 700324

Synopsis

The remote host has a web browser installed that is vulnerable to remote code execution (RCE).

Description

Versions of Mozilla Firefox earlier than 57.0.2 are affected by an overflow condition that is triggered because certain input is not properly validated when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code.

Solution

Upgrade to Firefox version 57.0.2 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2017-29

Plugin Details

Severity: High

ID: 700324

Family: Web Clients

Published: 8/21/2018

Updated: 3/6/2019

Nessus ID: 105213

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 12/7/2017

Vulnerability Publication Date: 12/7/2017

Reference Information

CVE: CVE-2017-7845

BID: 102115