nessus | Tenable | 700183.PRM
History: Aug 21, 2017 - 12:00 a.m.

Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities

2017-08-21 00:00:00
Tenable
www.tenable.com

Versions of Mozilla Firefox ESR earlier than 52.3 are unpatched for the following vulnerabilities:

  • A flaw exists in the ‘Accessible::RemoveChild()’ function in ‘accessible/generic/Accessible.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A use-after-free error exists in the ‘nsMIMEHeaderParamImpl::DecodeRFC5987Param()’ function in ‘netwerk/mime/nsMIMEHeaderParamImpl.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
  • A flaw exists in the ‘nsWindow::SetParent()’ function in ‘widget/windows/nsWindow.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A race condition exists in ‘media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_mac.mm’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists related to missing thread safety that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘NotifyTrackRemoved()’ function in ‘dom/media/MediaRecorder.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘InitGlobalLexicalOperation()’ function in ‘js/src/vm/Interpreter-inl.h’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘js::FinishCompilation()’ function in ‘js/src/vm/TypeInference.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘TypedArrayObjectTemplate::makeTemplateObject()’ function in ‘js/src/vm/TypedArrayObject.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor.
  • An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor.
  • A flaw exists in the ‘DocAccessible::DoARIAOwnsRelocation()’ function in ‘accessible/generic/DocAccessible.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘nsFTPDirListingConv::DigestBufferLines()’ function in ‘netwerk/streamconv/converters/nsFTPDirListingConv.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor.
  • A flaw exists in the ‘TraceSelf()’ function in ‘dom/bindings/TypedArray.h’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘WebSocket::Send()’ function in ‘dom/base/WebSocket.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘ExpressionDecompiler::decompilePC()’ function in ‘js/src/jsopcode.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘IonBuilder::addOsrValueTypeBarrier()’ function in ‘js/src/jit/IonBuilder.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor.
  • A flaw exists in the Developer Tools feature that is triggered as web page source code is not properly validated. This may allow a context-dependent attacker to inject and execute arbitrary XUL code.
  • A use-after-free error exists in the ‘WebSocketImpl::Disconnect()’ function in ‘dom/base/WebSocket.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
  • A use-after-free error exists that is triggered when re-computing the layout for marquee elements during window resizing. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
  • A use-after-free error exists that is triggered when deleting attached editor DOM nodes. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
  • A use-after-free error exists in the ‘nsImageLoadingContent::Notify()’ function in ‘dom/base/nsImageLoadingContent.cpp’ that is triggered when reading image observers during frame reconstruction. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
  • A use-after-free error exists that is triggered when resizing image elements. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
  • An overflow condition exists that is triggered as certain input is not properly validated when manipulating Accessible Rich Internet Applications (ARIA) attributes. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code.
  • An overflow condition exists that is triggered as certain input is not properly validated when painting non-displayable SVG elements. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code.
  • An out-of-bounds read flaw exists that is triggered when handling cached style data and pseudo-elements. This may allow a context-dependent attacker to potentially disclose sensitive memory contents.
  • A flaw exists in the ‘nsDocShell::OnNewURI()’ function in ‘docshell/base/nsDocShell.cpp’ that is triggered when handling pages with embedded iframes during page reloads. With a specially crafted web page, a context-dependent attacker can bypass the same-origin policy.
  • A flaw exists in the AppCache feature related to handling of websites under a subdirectory adding fallback pages. With a specially crafted website, a context-dependent attacker can hijack a domain.
  • A flaw exists in the ‘openTabPrompt()’ and ‘openRemotePrompt()’ functions in ‘toolkit/components/prompts/src/nsPrompter.js’ that is triggered when handling page navigations with data: protocols and modal alerts. This may allow a context-dependent attacker to conduct spoofing attacks.
  • A flaw exists in ‘xpcom/build/nsWindowsDllInterceptor.h’ that is triggered as WindowsDllDetourPatcher may allocate memory with RWX permissions. This may allow a context-dependent attacker to bypass intended DEP protection and more easily exploit another vulnerability that allows code execution.
  • A sandbox directive. This may result in other directives being ignored and incorrect enforcement of the content security policy (CSP).
  • A flaw exists in ‘xpcom/build/nsWindowsDllInterceptor.h’ that is triggered as the WindowsDllDetourPatcher class destructor may be re-purposed by malicious code. This may allow a context-dependent attacker to bypass memory protections.
  • An overflow condition exists in ‘security/manager/ssl/nsNSSCertHelper.cpp’ that is triggered when viewing certificates with overly long OIDs. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code.
Vendor | Product | Version | CPE
mozilla | firefox_esr | | cpe:/a:mozilla:firefox_esr
