Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.MOZILLA_FIREFOX_37_0.NASL
HistoryApr 01, 2015 - 12:00 a.m.

Firefox < 37.0 Multiple Vulnerabilities

2015-04-0100:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
9
JSON

The version of Firefox installed on the remote Windows host is prior to 37.0. It is, therefore, affected by the following vulnerabilities :

  • A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox 36.0.4.
    (CVE-2015-0801)

  • Access to certain privileged internal methods is retained when navigating from windows created to contain privileged UI content to unprivileged pages. An attacker can exploit this to execute arbitrary JavaScript with elevated privileges. (CVE-2015-0802)

  • Multiple type confusion issues exist that can lead to use-after-free errors, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0803, CVE-2015-0804)

  • Multiple memory corruption issues exist related to Off Main Thread Compositing when rendering 2D graphics, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0805, CVE-2015-0806)

  • A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)

  • An issue exists in WebRTC related to memory management for simple-style arrays, which may be used by a remote attacker to cause a denial of service. (CVE-2015-0808)

  • An out-of-bounds read issue exists in the QCMS color management library that could lead to an information disclosure. (CVE-2015-0811)

  • An issue exists that can allow a man-in-the-middle attacker to bypass user-confirmation and install a Firefox lightweight theme by spoofing a Mozilla sub-domain. (CVE-2015-0812)

  • Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code.
    (CVE-2015-0814, CVE-2015-0815)

  • A privilege escalation vulnerability exists related to documents loaded through a ‘resource:’ URL. An attacker can exploit this to load pages and execute JavaScript with elevated privileges. (CVE-2015-0816)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82503);
  script_version("1.9");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id(
    "CVE-2015-0801",
    "CVE-2015-0802",
    "CVE-2015-0803",
    "CVE-2015-0804",
    "CVE-2015-0805",
    "CVE-2015-0806",
    "CVE-2015-0807",
    "CVE-2015-0808",
    "CVE-2015-0811",
    "CVE-2015-0812",
    "CVE-2015-0814",
    "CVE-2015-0815",
    "CVE-2015-0816"
  );
  script_bugtraq_id(
    73454,
    73455,
    73457,
    73458,
    73460,
    73461,
    73462,
    73464,
    73465,
    73466,
    73467
  );

  script_name(english:"Firefox < 37.0 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 37.0. It is, therefore, affected by the following vulnerabilities :

  - A privilege escalation vulnerability exists which
    relates to anchor navigation. A remote attacker can
    exploit this to bypass same-origin policy protections,
    allowing a possible execution of arbitrary scripts in a
    privileged context. Note that this is a variant of
    CVE-2015-0818 that was fixed in Firefox 36.0.4.
    (CVE-2015-0801)

  - Access to certain privileged internal methods is
    retained when navigating from windows created to contain
    privileged UI content to unprivileged pages. An attacker
    can exploit this to execute arbitrary JavaScript with
    elevated privileges. (CVE-2015-0802)

  - Multiple type confusion issues exist that can lead to
    use-after-free errors, which a remote attacker can
    exploit to execute arbitrary code or cause a denial of
    service. (CVE-2015-0803, CVE-2015-0804)

  - Multiple memory corruption issues exist related to Off
    Main Thread Compositing when rendering 2D graphics,
    which a remote attacker can exploit to execute arbitrary
    code or cause a denial of service. (CVE-2015-0805,
    CVE-2015-0806)

  - A cross-site request forgery (XSRF) vulnerability exists
    in the sendBeacon() function due to cross-origin
    resource sharing (CORS) requests following 30x
    redirections. (CVE-2015-0807)

  - An issue exists in WebRTC related to memory management
    for simple-style arrays, which may be used by a remote
    attacker to cause a denial of service. (CVE-2015-0808)

  - An out-of-bounds read issue exists in the QCMS color
    management library that could lead to an information
    disclosure. (CVE-2015-0811)

  - An issue exists that can allow a man-in-the-middle
    attacker to bypass user-confirmation and install a
    Firefox lightweight theme by spoofing a Mozilla
    sub-domain. (CVE-2015-0812)
  
  - Multiple memory safety issues exist within the browser
    engine. A remote attacker can exploit these to corrupt
    memory and possibly execute arbitrary code.
    (CVE-2015-0814, CVE-2015-0815)

  - A privilege escalation vulnerability exists related to
    documents loaded through a 'resource:' URL. An attacker
    can exploit this to load pages and execute JavaScript
    with elevated privileges. (CVE-2015-0816)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/");
  script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 37.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox PDF.js Privileged Javascript Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'37.0', severity:SECURITY_HOLE, xss:FALSE, xsrf:TRUE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

openvas 58
nessus 39
archlinux 3
ubuntu 3
suse 9
freebsd 2
kaspersky 2
securityvulns 1
veracode 6
debian 5
centos 3
oraclelinux 3
redhat 3
mageia 3
ibm 2
ubuntucve 13
mozilla 11
cve 13
prion 13
checkpoint_advisories 1
packetstorm 1
zdi 2
zdt 1
metasploit 1
osv 1
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Windows
2015-04-06 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0677-1)
2015-04-09 00:00:00
Ubuntu: Security Advisory (USN-2550-1)
2015-04-02 00:00:00
nessus
nessus
Firefox < 37.0 Multiple Vulnerabilities (Mac OS X)
2015-04-01 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2550-1)
2015-04-02 00:00:00
Mozilla Firefox < 37.0 Multiple Vulnerabilities
2015-04-29 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-04-01 00:00:00
thunderbird: multiple issues
2015-04-04 00:00:00
firefox: multiple issues
2015-03-21 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-04-01 00:00:00
Thunderbird vulnerabilities
2015-04-02 00:00:00
Firefox vulnerabilities
2015-03-22 00:00:00
suse
suse
Security update for MozillaFirefox, MozillaThunderbird, mozilla-nspr (important)
2015-04-08 11:04:49
Security update for MozillaFirefox (important)
2015-04-10 17:04:55
Security update for MozillaFirefox (important)
2015-04-10 18:04:46
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
mozilla -- multiple vulnerabilities
2015-03-20 00:00:00
kaspersky
kaspersky
KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird
2015-03-31 00:00:00
KLA10477 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-03-20 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-05-02 05:12:57
Arbitrary Code Execution
2019-05-02 05:12:58
Denial Of Service (DoS)
2019-05-02 05:12:58
debian
debian
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3212-1] icedove security update
2015-04-02 20:35:14
centos
centos
firefox, xulrunner security update
2015-03-31 23:44:15
thunderbird security update
2015-04-01 14:33:26
firefox security update
2015-03-25 17:46:36
oraclelinux
oraclelinux
firefox security update
2015-04-01 00:00:00
thunderbird security update
2015-04-01 00:00:00
firefox security update
2015-03-24 00:00:00
redhat
redhat
(RHSA-2015:0766) Critical: firefox security update
2015-03-31 00:00:00
(RHSA-2015:0771) Important: thunderbird security update
2015-04-01 00:00:00
(RHSA-2015:0718) Critical: firefox security update
2015-03-24 09:55:07
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
Updated firefox packages fix security vulnerabilities
2015-03-24 02:58:37
ibm
ibm
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM Storwize V7000 Unified (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816,CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
2018-06-18 00:09:39
Security Bulletin: Open Source Mozilla Firefox vulnerability in IBM SONAS (CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816,CVE-2015-0817, CVE-2015-0818, CVE-2015-2708, CVE-2015-2709)
2018-06-18 00:09:30
ubuntucve
ubuntucve
CVE-2015-0801
2015-04-01 00:00:00
CVE-2015-0818
2015-03-22 00:00:00
CVE-2015-0808
2015-04-01 00:00:00
mozilla
mozilla
Memory corruption crashes in Off Main Thread Compositing — Mozilla
2015-03-31 00:00:00
Use-after-free due to type confusion flaws — Mozilla
2015-03-31 00:00:00
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) — Mozilla
2015-03-31 00:00:00
cve
cve
CVE-2015-0801
2015-04-01 10:59:00
CVE-2015-0808
2015-04-01 10:59:00
CVE-2015-0818
2015-03-24 00:59:00
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
Design/Logic Flaw
2015-03-24 00:59:00
Out-of-bounds
2015-04-01 10:59:00
checkpoint_advisories
checkpoint_advisories
Firefox PDF.js Javascript Injection (CVE-2015-0802; CVE-2015-0816)
2017-08-29 00:00:00
packetstorm
packetstorm
Firefox PDF.js Privileged Javascript Injection
2015-08-23 00:00:00
zdi
zdi
(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability
2015-04-03 00:00:00
(Pwn2Own) Mozilla Firefox resource: URL Remote Code Execution Vulnerability
2015-04-03 00:00:00
zdt
zdt
Firefox PDF.js Privileged Javascript Injection Exploit
2015-08-23 00:00:00
metasploit
metasploit
Firefox PDF.js Privileged Javascript Injection
2015-08-16 01:02:00
osv
osv
iceweasel - security update
2015-03-22 00:00:00
JSON
Related for MOZILLA_FIREFOX_37_0.NASL
openvas58nessus39archlinux3ubuntu3suse9freebsd2kaspersky2securityvulns1veracode6debian5centos3oraclelinux3redhat3mageia3ibm2ubuntucve13mozilla11cve13prion13checkpoint_advisories1packetstorm1zdi2zdt1metasploit1osv1