nessus / Tenable / 802023.PRM
Sep 07, 2016 - 12:00 a.m.

Firefox < 45 Multiple Vulnerabilities

Tenable
www.tenable.com

The specific version of Firefox that the system is running is reportedly affected by the following vulnerabilities:

  • Mozilla Firefox contains a flaw in the ValueNumberer::fixupOSROnlyLoop() function in jit/ValueNumbering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in the Downscaler::BeginFrame() function in image/Downscaler.cpp that is triggered when failing to compute filters for image downscaling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in the JSScript::maybeSweepTypes() function in vm/TypeInference.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in the DispatchEvents() function in layout/style/nsAnimationManager.h and layout/style/nsTransitionManager.h that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in dom/base/Console.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in the PeerConnectionMedia::SelfDestruct_m() function in media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

  • Mozilla Firefox contains a flaw in the nsICODecoder::ReadDirEntry() function in image/decoders/nsICODecoder.cpp that is triggered when rendering ICO sub-images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the nsIDNService::IDNA2008ToUnicode() function in netwerk/dns/nsIDNService.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated when handling image decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the DiscardTransferables() function in vm/StructuredClone.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the Assembler::GetCF32Target() function in jit/arm/Assembler-arm.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the GetPcScript() function in jit/JitFrames.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the JSFunction::isDerivedClassConstructor() function in js/src/jsfun.cpp that is triggered when handling lazy self-hosted functions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in js/src/jit/Lowering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the EventListenerManager::HandleEventInternal() function in dom/events/EventListenerManager.cpp. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in layout/base/nsRefreshDriver.cpp that is triggered when handling transition events. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in dom/media/systemservices/CamerasChild.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • libvpx contains a flaw in the vp8_mb_init_dequantizer() function in vp8/decoder/decodeframe.c that is triggered as user-supplied input is not properly validated. With specially crafted media content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • libvpx contains a flaw in the vp8_loop_filter_frame_init() function in media/libvpx/vp8/common/loopfilter.c that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in dom/xslt/xslt/txMozillaTextOutput.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in dom/gamepad/windows/WindowsGamepad.cpp that is triggered when handling WindowsGamepadService shutdown. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

  • Mozilla Firefox contains a flaw in the nsCSPContext::SendReports() function in dom/security/nsCSPContext.cpp that is triggered during the handling of Content Security Policy (CSP) violation reports. This may allow a context-dependent attacker to overwrite arbitrary files on a user’s machine and potentially gain elevated privileges. (CVE-2016-1954)

  • Mozilla Firefox contains a flaw in dom/security/nsCSPContext.cpp that is due to Content Security Policy (CSP) violation reports containing full path information for cross-origin iframe navigations in violation of the CSP specification. This may allow a context-dependent attacker to gain unauthorized access to sensitive information. (CVE-2016-1955)

  • Mozilla Firefox contains a flaw in gfx/gl/GLContext.cpp when using Intel video cards that is triggered when performing WebGL operations that require a large buffer to be allocated from video memory. This may allow a context-dependent attacker to cause a consumption of memory resources that will persist until the system has been restarted. (CVE-2016-1956)

  • Google Stagefright contains a flaw that is triggered during the handling of array destruction during MPEG4 video file processing. This may allow a context-dependent attacker to cause a memory leak, with unspecified consequences. (CVE-2016-1957)

  • Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to spoof the user’s address bar. No further details have been provided. (CVE-2016-1958)

  • Mozilla Firefox contains a flaw in Service Worker Manager that is triggered when handling the Clients API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1959)

  • Mozilla Firefox contains a use-after-free error in the HTML5 string parser. The issue is triggered when parsing a set of table-related tags in a foreign fragment context such as SVG. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1960)

  • Mozilla Firefox contains a use-after-free error in the nsHTMLDocument::SetBody() function in dom/html/nsHTMLDocument.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1961)

  • Mozilla Firefox contains a use-after-free error in netwerk/sctp/datachannel/DataChannel.cpp when using multiple WebRTC data channel connections and freeing a data channel connection from within a call. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1962)

  • Mozilla Firefox contains a flaw in the FileReader::DoReadData() function in dom/base/FileReader.cpp. The issue is triggered as user-supplied input is not properly validated when handling modifications to local files that occur while they are being read with the FileReader API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1963)

  • Mozilla Firefox contains a use-after-free error in the txAttribute::execute() function in dom/xslt/xslt/txInstructions.cpp that is triggered when handling XML transformation operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1964)

  • Mozilla Firefox contains a flaw in the nsLocation::SetProtocol() function in dom/base/nsLocation.cpp that is triggered when handling history navigation in combination with the location protocol property. This may allow a context-dependent attacker to spoof the contents of the address bar. (CVE-2016-1965)

  • Mozilla Firefox contains a flaw that is triggered when handling history navigation in a restored browser session. This may potentially allow a context-dependent attacker to gain unauthorized access to cross-origin URL information. (CVE-2016-1967)

  • Mozilla Firefox contains a pointer underflow condition in the Brotli library. The issue is triggered as user-supplied input is not properly validated when the library is performing decompression. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-1968)

  • Mozilla Firefox contains a use-after-free flaw in the Netscape Plugin Application Programming Interface (NPAPI) plugin within the nsNPObjWrapper::GetNewOrUsed() function in dom/plugins/base/nsJSNPRuntime.cpp. The issue is triggered when handling malicious scripted web content in concert with the plugin. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1966)

  • Mozilla Firefox contains an integer underflow condition in the srtp_unprotect() function in netwerk/srtp/src/srtp/srtp.c that is triggered when handling SRTP packet lengths. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1970)

  • Mozilla Firefox contains a flaw in the I420VideoFrame::CreateFrame() function in WebRTC. The issue is triggered as user-supplied input is not properly validated due to a missing status check. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1971)

  • Mozilla Firefox contains a race condition in dom/media/systemservices/CamerasChild.h. The issue is triggered as user-supplied input is not properly validated when handling block-level statistics. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1975)

  • Mozilla Firefox contains a use-after-free flaw in DesktopDisplayDevice::operator= in media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_device_info.cc. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1976)

  • libvpx contains a use-after-free error in vpx_ports/vpx_once.h related to a race condition. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1972)

  • Mozilla Firefox contains a use-after-free error that is triggered by a race condition in GetStaticInstance in WebRTC. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1973)

  • Mozilla Firefox contains a flaw in the nsScannerString::AppendUnicodeTo() function in parser/htmlparser/nsScannerString.cpp. The issue is triggered when the program fails to allocate memory during handling of Unicode strings. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1974)

  • Mozilla Network Security Services (NSS) contains a use-after-free error in the PK11_ImportDERPrivateKeyInfoAndReturnKey() function. The issue is triggered when handling DER encoded keys. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1979)

  • Graphite/Libgraphite contains a flaw in the Machine::Code::decoder::analysis::set_ref() function. The issue is triggered as user-supplied input is not properly validated. With a specially crafted font, a context-dependent attacker can corrupt memory to cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-1977)

  • Graphite/Libgraphite contains a flaw in the GetTableInfo() function in TtfUtil.cpp related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2790)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::glyph() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2791)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2792)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in CachedCmap.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2793)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2794)

  • Graphite/Libgraphite contains a flaw in the FileFace::get_table_fn() function related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2795)

  • Graphite/Libgraphite contains an out-of-bounds write flaw in the vm::Machine::Code::Code() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2796)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2797)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::Loader::Loader() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2798)

  • Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2799)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2800)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2801)

  • Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable4NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2802)

  • Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1969)
