nessus, Tenable, 9805.PRM
History: Dec 02, 2016 - 12:00 a.m.

Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities

2016-12-02 00:00:00
Tenable
www.tenable.com
5

Versions of Mozilla Firefox ESR earlier than 45.5 are unpatched for the following vulnerabilities:

  • An overflow condition exists in the ‘RASTERIZE_EDGES()’ function in ‘gfx/cairo/libpixman/src/pixman-edge-imp.h’. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.
  • A flaw exists that is triggered when the Mozilla Updater is run with the updater’s log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.
  • A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.
  • A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.
  • A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to provide malicious add-on updates.
  • An integer overflow condition exists in the ‘nsScriptLoadHandler::TryDecodeRawData()’ function in ‘dom/base/nsScriptLoader.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.
  • A flaw exists in the ‘nsBaseChannel::Redirect()’ function in ‘netwerk/base/nsBaseChannel.cpp’. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.
  • An unspecified flaw exists in ‘divSpoiler’ that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.
  • A flaw exists that is triggered when handling DOM tree operations for ‘insertBefore()’ method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists in the ‘GlobalHelperThreadState::finishParseTask()’ function in ‘js/src/vm/HelperThreads.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
  • An unspecified flaw exists in ‘dom/events/IMEStateManager.cpp’ that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
Vendor | Product | Version | CPE
mozilla | firefox_esr | | cpe:/a:mozilla:firefox_esr