Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_39_0.NASL
HistoryJul 07, 2015 - 12:00 a.m.

Firefox < 39.0 Multiple Vulnerabilities (Logjam)

2015-07-0700:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
100
JSON

The version of Firefox installed on the remote Windows host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities :

  • A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for a ECDHE_ECDSA exchange, but the server does not send a ServerKeyExchange message, the NSS client will take the EC key from the ECDSA certificate. A remote attacker can exploit this to silently downgrade the exchange to a non-forward secret mixed-ECDH exchange. (CVE-2015-2721)

  • Multiple user-after-free errors exist when using an XMLHttpRequest object in concert with either shared or dedicated workers. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2722, CVE-2015-2733)

  • Multiple memory corruption issues exist that allow an attacker to cause a denial of service condition or potentially execute arbitrary code. (CVE-2015-2724, CVE-2015-2725)

  • A security bypass vulnerability exists due to a failure to preserve context restrictions. A remote attacker can exploit this, via a crafted web site that is accessed with unspecified mouse and keyboard actions, to read arbitrary files or execute arbitrary JavaScript code.
    (CVE-2015-2727)

  • A type confusion flaw exists in the Indexed Database Manager’s handling of IDBDatabase. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-2728)

  • An out-of-bounds read flaw exists in the AudioParamTimeline::AudioNodeInputValue() function when computing oscillator rending ranges. An attacker can exploit this to disclose the contents of four bytes of memory or cause a denial of service condition.
    (CVE-2015-2729)

  • A signature spoofing vulnerability exists due to a flaw in Network Security Services (NSS) in its Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation. A remote attacker can exploit this to forge signatures. (CVE-2015-2730)

  • A use-after-free error exists in the CSPService::ShouldLoad() function when modifying the Document Object Model to remove a DOM object. An attacker can exploit this to dereference already freed memory, potentially resulting in the execution of arbitrary code. (CVE-2015-2731)

  • An uninitialized memory use issue exists in the CairoTextureClientD3D9::BorrowDrawTarget() function, the ::d3d11::SetBufferData() function, and the YCbCrImageDataDeserializer::ToDataSourceSurface() function. The impact is unspecified. (CVE-2015-2734, CVE-2015-2737, CVE-2015-2738)

  • A memory corruption issue exists in the nsZipArchive::GetDataOffset() function due to improper string length checks. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2735)

  • A memory corruption issue exists in the nsZipArchive::BuildFileList() function due to improper validation of user-supplied input. An attacker can exploit this, via a crafted ZIP archive, to potentially execute arbitrary code. (CVE-2015-2736)

  • An unspecified memory corruption issue exists in the ArrayBufferBuilder::append() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.
    (CVE-2015-2739)

  • A buffer overflow condition exists in the nsXMLHttpRequest::AppendToResponseText() function due to improper validation of user-supplied input. An attacker can exploit this to potentially execute arbitrary code.
    (CVE-2015-2740)

  • A security bypass vulnerability exists due to a flaw in certificate pinning checks. Key pinning is not enforced upon encountering an X.509 certificate problem that generates a user dialog. A man-in-the-middle attacker can exploit this to bypass intended access restrictions.
    (CVE-2015-2741)

  • A privilege escalation vulnerability exists in the PDF viewer (PDF.js) due to internal workers being executed insecurely. An attacker can exploit this, by leveraging a Same Origin Policy bypass, to execute arbitrary code.
    (CVE-2015-2743)

  • A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(84581);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2015-2721",
    "CVE-2015-2722",
    "CVE-2015-2724",
    "CVE-2015-2727",
    "CVE-2015-2728",
    "CVE-2015-2729",
    "CVE-2015-2730",
    "CVE-2015-2731",
    "CVE-2015-2733",
    "CVE-2015-2734",
    "CVE-2015-2735",
    "CVE-2015-2736",
    "CVE-2015-2737",
    "CVE-2015-2738",
    "CVE-2015-2739",
    "CVE-2015-2740",
    "CVE-2015-2741",
    "CVE-2015-2743",
    "CVE-2015-4000"
  );
  script_bugtraq_id(74733);
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Firefox < 39.0 Multiple Vulnerabilities (Logjam)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 39.0. It is, therefore, affected by multiple vulnerabilities :

  - A security downgrade vulnerability exists due to a flaw
    in Network Security Services (NSS). When a client allows
    for a ECDHE_ECDSA exchange, but the server does not send 
    a ServerKeyExchange message, the NSS client will take
    the EC key from the ECDSA certificate. A remote attacker
    can exploit this to silently downgrade the exchange to a
    non-forward secret mixed-ECDH exchange. (CVE-2015-2721)

  - Multiple user-after-free errors exist when using an
    XMLHttpRequest object in concert with either shared or
    dedicated workers. A remote attacker can exploit this
    to cause a denial of service condition. (CVE-2015-2722,
    CVE-2015-2733)

  - Multiple memory corruption issues exist that allow an
    attacker to cause a denial of service condition or
    potentially execute arbitrary code. (CVE-2015-2724,
    CVE-2015-2725)

  - A security bypass vulnerability exists due to a failure
    to preserve context restrictions. A remote attacker can
    exploit this, via a crafted web site that is accessed
    with unspecified mouse and keyboard actions, to read
    arbitrary files or execute arbitrary JavaScript code.
    (CVE-2015-2727)

  - A type confusion flaw exists in the Indexed Database
    Manager's handling of IDBDatabase. A remote attacker can
    exploit this to cause a denial of service condition or
    to execute arbitrary code. (CVE-2015-2728)

  - An out-of-bounds read flaw exists in the
    AudioParamTimeline::AudioNodeInputValue() function when
    computing oscillator rending ranges. An attacker can
    exploit this to disclose the contents of four bytes of
    memory or cause a denial of service condition.
    (CVE-2015-2729)

  - A signature spoofing vulnerability exists due to a flaw
    in Network Security Services (NSS) in its Elliptic Curve
    Digital Signature Algorithm (ECDSA) signature
    validation. A remote attacker can exploit this to forge
    signatures. (CVE-2015-2730)

  - A use-after-free error exists in the
    CSPService::ShouldLoad() function when modifying the
    Document Object Model to remove a DOM object. An
    attacker can exploit this to dereference already freed
    memory, potentially resulting in the execution of
    arbitrary code. (CVE-2015-2731)

  - An uninitialized memory use issue exists in the
    CairoTextureClientD3D9::BorrowDrawTarget() function, the
    ::d3d11::SetBufferData() function, and the
    YCbCrImageDataDeserializer::ToDataSourceSurface()
    function. The impact is unspecified. (CVE-2015-2734,
    CVE-2015-2737, CVE-2015-2738)

  - A memory corruption issue exists in the
    nsZipArchive::GetDataOffset() function due to improper
    string length checks. An attacker can exploit this, via
    a crafted ZIP archive, to potentially execute arbitrary
    code. (CVE-2015-2735)

  - A memory corruption issue exists in the
    nsZipArchive::BuildFileList() function due to improper
    validation of user-supplied input. An attacker can
    exploit this, via a crafted ZIP archive, to potentially
    execute arbitrary code. (CVE-2015-2736)

  - An unspecified memory corruption issue exists in the
    ArrayBufferBuilder::append() function due to improper
    validation of user-supplied input. An attacker can
    exploit this to potentially execute arbitrary code.
    (CVE-2015-2739)

  - A buffer overflow condition exists in the
    nsXMLHttpRequest::AppendToResponseText() function due to
    improper validation of user-supplied input. An attacker
    can exploit this to potentially execute arbitrary code.
    (CVE-2015-2740)

  - A security bypass vulnerability exists due to a flaw in
    certificate pinning checks. Key pinning is not enforced
    upon encountering an X.509 certificate problem that
    generates a user dialog. A man-in-the-middle attacker
    can exploit this to bypass intended access restrictions.
    (CVE-2015-2741)

  - A privilege escalation vulnerability exists in the PDF
    viewer (PDF.js) due to internal workers being executed
    insecurely. An attacker can exploit this, by leveraging
    a Same Origin Policy bypass, to execute arbitrary code.
    (CVE-2015-2743)

  - A man-in-the-middle vulnerability, known as Logjam,
    exists due to a flaw in the SSL/TLS protocol. A remote
    attacker can exploit this flaw to downgrade connections
    using ephemeral Diffie-Hellman key exchange to 512-bit
    export-grade cryptography. (CVE-2015-4000)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-59/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-60/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-61/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-63/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-64/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-65/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-66/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-67/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-69/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-70/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org//en-US/security/advisories/mfsa2015-71/");
  script_set_attribute(attribute:"see_also", value:"https://weakdh.org/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox 39.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2740");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'39.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 41
veracode 17
openvas 53
centos 4
suse 6
ubuntu 4
oraclelinux 4
redhat 4
securityvulns 1
osv 3
mageia 2
freebsd 1
archlinux 2
debian 5
mozilla 7
ibm 4
cvelist 8
prion 10
ubuntucve 11
cve 10
f5 1
debiancve 1
nessus
nessus
Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)
2015-07-07 00:00:00
Firefox ESR < 38.1 Multiple Vulnerabilities (Logjam)
2015-07-07 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2656-1)
2015-07-13 00:00:00
veracode
veracode
Buffer Overflow
2019-05-02 05:40:25
Buffer Overflow
2019-05-02 05:40:25
Arbitrary Code Execution
2019-05-02 05:40:23
openvas
openvas
RedHat Update for firefox RHSA-2015:1207-01
2015-07-04 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X
2015-07-08 00:00:00
CentOS Update for firefox CESA-2015:1207 centos6
2015-07-07 00:00:00
centos
centos
firefox security update
2015-07-06 14:50:33
thunderbird security update
2015-07-20 18:55:36
nss security update
2015-08-24 18:12:13
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-07-13 11:07:56
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 11:08:17
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:09:44
ubuntu
ubuntu
Firefox vulnerabilities
2015-07-15 00:00:00
Firefox vulnerabilities
2015-07-09 00:00:00
Thunderbird vulnerabilities
2015-07-20 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-07-03 00:00:00
thunderbird security update
2015-07-20 00:00:00
nss security, bug fix, and enhancement update
2015-08-24 00:00:00
redhat
redhat
(RHSA-2015:1207) Critical: firefox security update
2015-07-02 00:00:00
(RHSA-2015:1455) Important: thunderbird security update
2015-07-20 00:00:00
(RHSA-2015:1664) Moderate: nss security, bug fix, and enhancement update
2015-08-24 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-07-13 00:00:00
osv
osv
iceweasel - security update
2015-07-04 00:00:00
nss - security update
2015-09-27 00:00:00
nss - security update
2015-08-17 00:00:00
mageia
mageia
Updated firefox package fixes security vulnerability
2015-07-05 20:22:03
Updated thunderbird package fixes security vulnerabilities
2015-07-27 20:18:02
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-07-02 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-07-03 00:00:00
thunderbird: multiple issues
2015-07-11 00:00:00
debian
debian
[SECURITY] [DSA 3300-1] iceweasel security update
2015-07-03 22:06:38
[SECURITY] [DSA 3324-1] icedove security update
2015-08-01 17:10:07
[SECURITY] [DSA 3336-1] nss security update
2015-08-17 19:13:08
mozilla
mozilla
Vulnerabilities found through code inspection — Mozilla
2015-07-02 00:00:00
Use-after-free in workers while using XMLHttpRequest — Mozilla
2015-07-02 00:00:00
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) — Mozilla
2015-07-02 00:00:00
ibm
ibm
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
2018-06-18 00:09:54
Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V9000 (CVE-2015-2730)
2018-06-18 00:10:20
cvelist
cvelist
CVE-2015-2736
2015-07-06 01:00:00
CVE-2015-2733
2015-07-06 01:00:00
CVE-2015-2738
2015-07-06 01:00:00
prion
prion
Design/Logic Flaw
2015-07-06 02:01:00
Buffer overflow
2015-07-06 02:01:00
Security feature bypass
2015-07-06 02:01:00
ubuntucve
ubuntucve
CVE-2015-2741
2015-07-05 00:00:00
CVE-2015-2743
2015-07-05 00:00:00
CVE-2015-2740
2015-07-05 00:00:00
cve
cve
CVE-2015-2729
2015-07-06 02:01:00
CVE-2015-2743
2015-07-06 02:01:00
CVE-2015-2741
2015-07-06 02:01:00
f5
f5
K15955144 : Mozilla NSS vulnerability CVE-2015-2730
2016-02-03 00:00:00
debiancve
debiancve
CVE-2015-2730
2015-07-06 02:01:00
JSON
Related for MOZILLA_FIREFOX_39_0.NASL
nessus41veracode17openvas53centos4suse6ubuntu4oraclelinux4redhat4securityvulns1osv3mageia2freebsd1archlinux2debian5mozilla7ibm4cvelist8prion10ubuntucve11cve10f51debiancve1