The version of Firefox installed on the remote Mac OS X host is prior to 43. It is, therefore, affected by the following vulnerabilities :
Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues by convincing a user to visit a specially crafted web page, resulting in the execution of arbitrary code. (CVE-2015-7201)
Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues by convincing a user to visit a specially crafted web page, resulting in the execution of arbitrary code. (CVE-2015-7202)
An overflow condition exists in the LoadFontFamilyData() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-7203)
A flaw exists in the PropertyWriteNeedsTypeBarrier() function due to improper handling of unboxed objects during JavaScript variable assignments. A remote attacker can exploit this to execute arbitrary code.
(CVE-2015-7204)
A flaw exists in the RtpHeaderParser::Parse() function due to improper handling of RTP headers. An unauthenticated, remote attacker can exploit this, via specially crafted RTP headers, to execute arbitrary code. (CVE-2015-7205)
A same-origin bypass vulnerability exists that is triggered after a redirect when the function is used alongside an iframe to host a page. An attacker can exploit this to gain access to cross-origin URL information. (CVE-2015-7207)
The SetCookieInternal() function improperly allows control characters (e.g. ASCII code 11) to be inserted into cookies. An attacker can exploit this to inject cookies. (CVE-2015-7208)
A use-after-free error exists due to improper prevention of datachannel operations on closed PeerConnections. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2015-7210)
A flaw exists in the ParseURI() function due to improper handling of a hash (#) character in the data: URI. An attacker can exploit this to spoof the URL bar.
(CVE-2015-7211)
An integer overflow condition exists in the readMetaData() function due to improper validation of user-supplied input when handling a specially crafted MP4 file. An attacker can exploit this to execute arbitrary code. (CVE-2015-7213)
A same-origin bypass vulnerability exists due to improper handling of ‘data:’ and ‘view-source:’ URIs. An attacker can exploit this to read data from cross-site URLs and local files. (CVE-2015-7214)
An information disclosure vulnerability exists due to improper handling of error events in web workers. An attacker can exploit this to gain access to sensitive cross-origin information. (CVE-2015-7215)
Multiple integer underflow conditions exist due to improper validation of user-supplied input when handling HTTP2 frames. An attacker can exploit these to crash the application, resulting in a denial of service.
(CVE-2015-7218, CVE-2015-7219)
An overflow condition exists in the XDRBuffer::grow() function due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code.
(CVE-2015-7220)
An overflow condition exists in the GrowCapacity() function due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code.
(CVE-2015-7221)
An integer underflow condition exists in the bundled version of libstagefright in the parseChunk() function that is triggered when handling ‘covr’ chunks. An unauthenticated, remote attacker can exploit this, via specially crafted media content, to crash the application or execute arbitrary code. (CVE-2015-7222)
A privilege escalation vulnerability exists in the Extension.jsm script due to a failure to restrict WebExtension APIs from being injected into documents without WebExtension principals. An attacker can exploit this to conduct a cross-site scripting attack, resulting in the execution of arbitrary script code in a user’s browser session. (CVE-2015-7223)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(87474);
script_version("1.10");
script_cvs_date("Date: 2019/11/20");
script_cve_id(
"CVE-2015-7201",
"CVE-2015-7202",
"CVE-2015-7203",
"CVE-2015-7204",
"CVE-2015-7205",
"CVE-2015-7207",
"CVE-2015-7208",
"CVE-2015-7210",
"CVE-2015-7211",
"CVE-2015-7212",
"CVE-2015-7213",
"CVE-2015-7214",
"CVE-2015-7215",
"CVE-2015-7218",
"CVE-2015-7219",
"CVE-2015-7220",
"CVE-2015-7221",
"CVE-2015-7222",
"CVE-2015-7223"
);
script_bugtraq_id(79279, 79280, 79283);
script_name(english:"Firefox < 43 Multiple Vulnerabilities (Mac OS X)");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Mac OS X host is prior
to 43. It is, therefore, affected by the following vulnerabilities :
- Multiple unspecified memory corruption issues exist due
to improper validation of user-supplied input. A remote
attacker can exploit these issues by convincing a user
to visit a specially crafted web page, resulting in the
execution of arbitrary code. (CVE-2015-7201)
- Multiple unspecified memory corruption issues exist due
to improper validation of user-supplied input. A remote
attacker can exploit these issues by convincing a user
to visit a specially crafted web page, resulting in the
execution of arbitrary code. (CVE-2015-7202)
- An overflow condition exists in the LoadFontFamilyData()
function due to improper validation of user-supplied
input. A remote attacker can exploit this to cause a
buffer overflow, resulting in the execution of arbitrary
code. (CVE-2015-7203)
- A flaw exists in the PropertyWriteNeedsTypeBarrier()
function due to improper handling of unboxed objects
during JavaScript variable assignments. A remote
attacker can exploit this to execute arbitrary code.
(CVE-2015-7204)
- A flaw exists in the RtpHeaderParser::Parse() function
due to improper handling of RTP headers. An
unauthenticated, remote attacker can exploit this, via
specially crafted RTP headers, to execute arbitrary
code. (CVE-2015-7205)
- A same-origin bypass vulnerability exists that is
triggered after a redirect when the function is used
alongside an iframe to host a page. An attacker can
exploit this to gain access to cross-origin URL
information. (CVE-2015-7207)
- The SetCookieInternal() function improperly allows
control characters (e.g. ASCII code 11) to be inserted
into cookies. An attacker can exploit this to inject
cookies. (CVE-2015-7208)
- A use-after-free error exists due to improper prevention
of datachannel operations on closed PeerConnections. An
attacker can exploit this to dereference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2015-7210)
- A flaw exists in the ParseURI() function due to improper
handling of a hash (#) character in the data: URI. An
attacker can exploit this to spoof the URL bar.
(CVE-2015-7211)
- An integer overflow condition exists in the
readMetaData() function due to improper validation of
user-supplied input when handling a specially crafted
MP4 file. An attacker can exploit this to execute
arbitrary code. (CVE-2015-7213)
- A same-origin bypass vulnerability exists due to
improper handling of 'data:' and 'view-source:' URIs. An
attacker can exploit this to read data from cross-site
URLs and local files. (CVE-2015-7214)
- An information disclosure vulnerability exists due to
improper handling of error events in web workers. An
attacker can exploit this to gain access to sensitive
cross-origin information. (CVE-2015-7215)
- Multiple integer underflow conditions exist due to
improper validation of user-supplied input when
handling HTTP2 frames. An attacker can exploit these to
crash the application, resulting in a denial of service.
(CVE-2015-7218, CVE-2015-7219)
- An overflow condition exists in the XDRBuffer::grow()
function due to improper validation of user-supplied
input. An attacker can exploit this to cause a buffer
overflow, resulting in the execution of arbitrary code.
(CVE-2015-7220)
- An overflow condition exists in the GrowCapacity()
function due to improper validation of user-supplied
input. An attacker can exploit this to cause a buffer
overflow, resulting in the execution of arbitrary code.
(CVE-2015-7221)
- An integer underflow condition exists in the bundled
version of libstagefright in the parseChunk() function
that is triggered when handling 'covr' chunks. An
unauthenticated, remote attacker can exploit this, via
specially crafted media content, to crash the
application or execute arbitrary code. (CVE-2015-7222)
- A privilege escalation vulnerability exists in the
Extension.jsm script due to a failure to restrict
WebExtension APIs from being injected into documents
without WebExtension principals. An attacker can exploit
this to conduct a cross-site scripting attack, resulting
in the execution of arbitrary script code in a user's
browser session. (CVE-2015-7223)");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 43 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7221");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/15");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'43', severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7219
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7223
www.mozilla.org/en-US/security/advisories/mfsa2015-134/
www.mozilla.org/en-US/security/advisories/mfsa2015-135/
www.mozilla.org/en-US/security/advisories/mfsa2015-136/
www.mozilla.org/en-US/security/advisories/mfsa2015-137/
www.mozilla.org/en-US/security/advisories/mfsa2015-138/
www.mozilla.org/en-US/security/advisories/mfsa2015-139/
www.mozilla.org/en-US/security/advisories/mfsa2015-140/
www.mozilla.org/en-US/security/advisories/mfsa2015-141/
www.mozilla.org/en-US/security/advisories/mfsa2015-142/
www.mozilla.org/en-US/security/advisories/mfsa2015-144/
www.mozilla.org/en-US/security/advisories/mfsa2015-145/
www.mozilla.org/en-US/security/advisories/mfsa2015-146/
www.mozilla.org/en-US/security/advisories/mfsa2015-147/
www.mozilla.org/en-US/security/advisories/mfsa2015-148/
www.mozilla.org/en-US/security/advisories/mfsa2015-149/