Mozilla Firefox < 57.0.4 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 700325

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 57.0.4 are unpatched for the following vulnerabilities:

- A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during conditional branches handling out-of-bounds checks. Using a vulnerable code pattern, or a JIT engine or interpreter to generate such a pattern, an attacker can perform a Flush+Reload or Evict+Reload side-channel attack on the cache and disclose parts of the privileged kernel memory. (CVE-2017-5753)
- A flaw exists in the fundamental design related to out-of-order process execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached before exceptions are raised for restricted memory access. Using transient instructions in combination with a Flush+Reload side-channel attack, a local attacker can disclose parts of the privileged kernel memory. (CVE-2017-5754)
- A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during indirect branch prediction. This may allow a local attacker to train the Branch Target Buffer (BTB) to trigger a false prediction to a specially crafted memory location, causing speculative execution of a crafted gadget and the caching of arbitrary memory. Using a side-channel attack on the cache, the attacker can disclose parts of the privileged kernel memory. (CVE-2017-5754)

Solution

Upgrade to Firefox version 57.0.4 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01

https://spectreattack.com

Plugin Details

Severity: Medium

ID: 700325

Family: Web Clients

Published: 8/21/2018

Updated: 3/6/2019

Nessus ID: 105616

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 1/2/2018

Vulnerability Publication Date: 1/2/2018

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

BID: 102371, 102376