nessus Tenable 9485.PRM
Aug 26, 2016 - 12:00 a.m.

Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities

2016-08-26 00:00:00
Tenable
www.tenable.com
10

Versions of Mozilla Firefox ESR less than or equal to 45.2 are unpatched for the following vulnerabilities:

  • A flaw exists due to the program failing to close connections after requesting favicons. This may allow a context-dependent attacker to continue to send requests to the user’s browser and gain access to potentially sensitive information.
  • A flaw exists in ‘js/src/frontend/Parser.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘js::array_splice_impl()’ function in ‘js/src/jsarray.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists that is triggered as certain unspecified user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘OSXNotificationCenter::ShowAlertWithIconData()’ function in ‘widget/cocoa/OSXNotificationCenter.mm’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A use-after-free condition exists in ‘dom/media/GraphDriver.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
  • A flaw exists in the ‘Http2Session::TransactionHasDataToWrite()’ function in ‘netwerk/protocol/http/Http2Session.cpp’ and ‘SpdySession31::TransactionHasDataToWrite()’ function in ‘netwerk/protocol/http/SpdySession31.cpp’. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An overflow condition exists in the ‘ClearKeyDecryptor::Decrypt()’ function in ‘media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp’ used by the Encrypted Media Extensions (EME) API. The issue is triggered as user-supplied input is not properly validated when handling video files. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-2837)
  • A use-after-free error exists in the ‘nsXULPopupManager::KeyDown()’ function in ‘layout/xul/nsXULPopupManager.cpp’. The issue is triggered when using the alt key in conjunction with top level menu items in Firefox. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5254)
  • A use-after-free error exists in ‘WebRTC’. The issue is triggered when handling ‘DTLS’ objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5258)
  • A flaw exists that is due to event handler attributes on a ‘marquee’ tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. This may allow a context-dependent attacker to bypass XSS protection mechanisms. (CVE-2016-5262)
  • A use-after-free error exists in the ‘nsNodeUtils::NativeAnonymousChildListChange()’ function. The issue is triggered when applying effects to an SVG element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5264)
Vendor | Product | Version | CPE
mozilla | firefox_esr | | cpe:/a:mozilla:firefox_esr
