The version of Firefox installed on the remote Mac OS X host is prior to 44. It is, therefore, affected by the following vulnerabilities :
A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208)
Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-1930, CVE-2016-1931)
An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933)
A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935)
A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937)
A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with ‘mp_div’ and ‘mp_exptmod’. (CVE-2016-1938)
A cookie injection vulnerability exists due to illegal control characters being permitted in cookie names. A remote attacker can exploit this to inject cookies.
(CVE-2016-1939)
An URL spoofing vulnerability exists due to a flaw that is triggered during the handling of a URL that invalid for the internal protocol, causing the URL to be pasted into the address bar. A remote attacker can exploit this spoof URLs, allowing the attacker to trick a user into visiting a malicious website. (CVE-2016-1942)
An unspecified memory corruption issue exists in the ANGLE graphics library implementation. A remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-1944)
A wild pointer flaw exists due to improper handling of ZIP files. A remote attacker can exploit this, via a crafted ZIP file, to have an unspecified impact.
(CVE-2016-1945)
An integer overflow condition exists in the bundled version of libstagefright due to improper handling of MP4 file metadata. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1946)
A flaw exists in the safe browsing feature due to the Application Reputation service being unreachable. A remote attacker can exploit this to convince a user into downloading a malicious executable without being warned. (CVE-2016-1947)
A use-after-free error exists in Network Security Services (NSS) due to improper handling of failed allocations during DHE and ECDHE handshakes. An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.
(CVE-2016-1978)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(88459);
script_version("1.11");
script_cvs_date("Date: 2019/11/20");
script_cve_id(
"CVE-2015-7208",
"CVE-2016-1930",
"CVE-2016-1931",
"CVE-2016-1933",
"CVE-2016-1935",
"CVE-2016-1937",
"CVE-2016-1938",
"CVE-2016-1939",
"CVE-2016-1941",
"CVE-2016-1942",
"CVE-2016-1944",
"CVE-2016-1945",
"CVE-2016-1946",
"CVE-2016-1947",
"CVE-2016-1978"
);
script_bugtraq_id(79280);
script_xref(name:"MFSA", value:"2016-01");
script_xref(name:"MFSA", value:"2016-02");
script_xref(name:"MFSA", value:"2016-03");
script_xref(name:"MFSA", value:"2016-04");
script_xref(name:"MFSA", value:"2016-06");
script_xref(name:"MFSA", value:"2016-07");
script_xref(name:"MFSA", value:"2016-08");
script_xref(name:"MFSA", value:"2016-09");
script_xref(name:"MFSA", value:"2016-10");
script_xref(name:"MFSA", value:"2016-11");
script_xref(name:"MFSA", value:"2016-15");
script_name(english:"Firefox < 44 Multiple Vulnerabilities (Mac OS X)");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Mac OS X host is prior
to 44. It is, therefore, affected by the following vulnerabilities :
- A cookie injection vulnerability exists due to illegal
control characters being stored as cookie values in
violation of RFC6265. A remote attacker can exploit this
to inject cookies. (CVE-2015-7208)
- Multiple unspecified memory corruption issues exist that
allow a remote attacker to execute arbitrary code.
(CVE-2016-1930, CVE-2016-1931)
- An integer overflow condition exists due to improper
parsing of GIF images during deinterlacing. A remote
attacker can exploit this, via a specially crafted GIF
image, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-1933)
- A buffer overflow condition exists in WebGL that is
triggered when handling cache out-of-memory error
conditions. A remote attacker can exploit this to
execute arbitrary code. (CVE-2016-1935)
- A content spoofing vulnerability exists due to the
protocol handler dialog treating double click events as
two single click events. A remote attacker can exploit
this to spoof content, allowing the attacker to trick a
user into performing malicious actions. (CVE-2016-1937)
- A cryptographic weakness exists in Network Security
Services (NSS) due to incorrect calculations with
'mp_div' and 'mp_exptmod'. (CVE-2016-1938)
- A cookie injection vulnerability exists due to illegal
control characters being permitted in cookie names. A
remote attacker can exploit this to inject cookies.
(CVE-2016-1939)
- An URL spoofing vulnerability exists due to a flaw that
is triggered during the handling of a URL that invalid
for the internal protocol, causing the URL to be pasted
into the address bar. A remote attacker can exploit this
spoof URLs, allowing the attacker to trick a
user into visiting a malicious website. (CVE-2016-1942)
- An unspecified memory corruption issue exists in the
ANGLE graphics library implementation. A remote attacker
can exploit this to corrupt memory, resulting in the
execution of arbitrary code. (CVE-2016-1944)
- A wild pointer flaw exists due to improper handling of
ZIP files. A remote attacker can exploit this, via a
crafted ZIP file, to have an unspecified impact.
(CVE-2016-1945)
- An integer overflow condition exists in the bundled
version of libstagefright due to improper handling of
MP4 file metadata. A remote attacker can exploit this
to execute arbitrary code. (CVE-2016-1946)
- A flaw exists in the safe browsing feature due to the
Application Reputation service being unreachable. A
remote attacker can exploit this to convince a user
into downloading a malicious executable without being
warned. (CVE-2016-1947)
- A use-after-free error exists in Network Security
Services (NSS) due to improper handling of failed
allocations during DHE and ECDHE handshakes. An attacker
can exploit this to dereference already freed memory,
resulting in the execution of arbitrary code.
(CVE-2016-1978)");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox version 44 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1946");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'44', severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
www.mozilla.org/en-US/security/advisories/mfsa2016-01/
www.mozilla.org/en-US/security/advisories/mfsa2016-02/
www.mozilla.org/en-US/security/advisories/mfsa2016-03/
www.mozilla.org/en-US/security/advisories/mfsa2016-04/
www.mozilla.org/en-US/security/advisories/mfsa2016-06/
www.mozilla.org/en-US/security/advisories/mfsa2016-07/
www.mozilla.org/en-US/security/advisories/mfsa2016-08/
www.mozilla.org/en-US/security/advisories/mfsa2016-09/
www.mozilla.org/en-US/security/advisories/mfsa2016-10/
www.mozilla.org/en-US/security/advisories/mfsa2016-11/
www.mozilla.org/en-US/security/advisories/mfsa2016-15/