Synopsis
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Description
Versions of Mozilla Firefox ESR prior to 31.1 are unpatched for the following vulnerabilities:
- A buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576)
- Out-of-bounds read error in the Web Audio component when invalid values are used in custom waveforms can lead to denial of service or information disclosure. (CVE-2014-1577)
- Out-of-bounds write error when processing invalid tile sizes in 'WebM' format videos can be leveraged for arbitrary code execution. (CVE-2014-1578)
- Memory is not properly initialized during GIF rendering within a '<canvas>' element, which can be leveraged via a specially crafted web script to acquire sensitive information from the process memory. (CVE-2014-1580)
- Use-after-free error in the 'DirectionalityUtils' component when text direction is used in the text layout can be leveraged for arbitrary code execution. (CVE-2014-1581)
- Multiple security bypass vulnerabilities exist in the implementation of Public Key Pinning (PKP); one issue can be triggered via SPDY's or HTTP/2's connection-coalescing property in the case of a shared IP address, and another issue is exposed by an unspecified issuer-verification error. Both scenarios can be leveraged for man-in-the-middle attacks. Note that key pinning was introduced in Firefox 32. (CVE-2014-1582, CVE-2014-1584)
- A cross-origin policy bypass exists that could allow a malicious app to use 'AlarmAPI' to read cross-origin references and possibly perform unauthorized actions through the victim user's session. (CVE-2014-1583)
- Multiple issues exist in WebRTC when the session is running within an 'iframe' element; they allow the session to remain accessible even when sharing is stopped and when returning to the website. This could result in the video inadvertently being shared. (CVE-2014-1585, CVE-2014-1586)
- Multiple memory safety flaws exist within the browser engine, which can likely be leveraged for denial of service or arbitrary code execution. (CVE-2014-1574, CVE-2014-1575)
Solution
Upgrade to Firefox ESR version 31.2 or later.
Plugin Details
Nessus ID: 78473
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Patch Publication Date: 10/14/2014
Vulnerability Publication Date: 10/14/2014
Reference Information
CVE: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
BID: 70424, 70425, 70426, 70427, 70428, 70430, 70431, 70432, 70434, 70436, 70439, 70440