Mozilla Firefox < 44.0 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9075

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The version of Firefox is prior to 44.0 and is affected by multiple vulnerabilities :

- Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931)
- An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933)
- A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
- A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937)
- A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with 'mp_div' and 'mp_exptmod'. (CVE-2016-1938)
- A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies. (CVE-2016-1939)
- A flaw exists that is triggered as the delay between the download dialog getting focus and the button getting enabled is too short. If a context-dependent attacker can trick a user into double clicking in a specific location, they can pass the second click through to a dialog below that location. This will allow the attacker to cause the user to perform unintentional actions. (CVE-2016-1941)
- An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942)
- An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944)
- A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact. (CVE-2016-1945)
- An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946)
- A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947)

Solution

Upgrade to Firefox 44 or later.

Plugin Details

Severity: Critical

ID: 9075

Family: Web Clients

Published: 2/19/2016

Updated: 3/6/2019

Nessus ID: 88459, 88461

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2/12/2016

Vulnerability Publication Date: 1/27/2016

Reference Information

CVE: CVE-2016-1930, CVE-2016-1931, CVE-2016-1933, CVE-2016-1935, CVE-2016-1937, CVE-2016-1938, CVE-2016-1939, CVE-2016-1941, CVE-2016-1942, CVE-2016-1944, CVE-2016-1945, CVE-2016-1946, CVE-2016-1947

BID: 79280

Detections

Analytics