Nessus plugin: MOZILLA_FIREFOX_41_0_0.NASL
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
History: Sep 22, 2015 - 12:00 a.m.

Firefox < 41 Multiple Vulnerabilities

2015-09-22 00:00:00
www.tenable.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

EPSS: 0.278 Low (Percentile: 96.8%)

The version of Firefox installed on the remote Windows host is prior to 41. It is, therefore, affected by the following vulnerabilities:

  • Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500)

  • Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501)

  • A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502)

  • An out-of-bounds read issue exists in TCPSocket.js related to the sending of strings over TCPSocket. A remote attacker can exploit this to disclose memory contents. (CVE-2015-4503)

  • An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile. A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information. (CVE-2015-4504)

  • A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505)

  • A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506)

  • A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507)

  • A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar. (CVE-2015-4508)

  • A use-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509)

  • A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker. A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition. (CVE-2015-4510)

  • A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511)

  • An out-of-bounds read error exists during 2D canvas rendering due to an issue in the cairo graphics library. An attacker can exploit this to read random memory, resulting in the disclosure of sensitive information. (CVE-2015-4512)

  • A security bypass vulnerability exists due to a flaw in Gecko's implementation of the ECMAScript 5 API. An attacker can exploit this to run web content in a privileged context, resulting in the execution of arbitrary code. (CVE-2015-4516)

  • A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517)

  • An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519)

  • Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520)

  • A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521)

  • An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522)

  • An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174)

  • An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175)

  • A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176)

  • A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177)

  • An out-of-bounds memory error exists in the linkAttributes() function when manipulating shaders. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7178)

  • An overflow condition exists in the reserveVertexSpace() function due to an insufficient allocation of memory for a shader attribute array. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7179)

  • A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)

  • An unspecified flaw exists in the nsPerformance::Now() function in dom/base/nsPerformance.cpp that allows an attacker to use a side-channel attack to disclose sensitive information. (CVE-2015-7327)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86071);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id(
    "CVE-2015-4500",
    "CVE-2015-4501",
    "CVE-2015-4502",
    "CVE-2015-4503",
    "CVE-2015-4504",
    "CVE-2015-4505",
    "CVE-2015-4506",
    "CVE-2015-4507",
    "CVE-2015-4508",
    "CVE-2015-4509",
    "CVE-2015-4510",
    "CVE-2015-4511",
    "CVE-2015-4512",
    "CVE-2015-4516",
    "CVE-2015-4517",
    "CVE-2015-4519",
    "CVE-2015-4520",
    "CVE-2015-4521",
    "CVE-2015-4522",
    "CVE-2015-7174",
    "CVE-2015-7175",
    "CVE-2015-7176",
    "CVE-2015-7177",
    "CVE-2015-7178",
    "CVE-2015-7179",
    "CVE-2015-7180",
    "CVE-2015-7327"
  );

  script_name(english:"Firefox < 41 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox installed on the remote Windows host is prior
to 41. It is, therefore, affected by the following vulnerabilities :

  - Multiple unspecified memory corruption issues exist due
    to improper validation of user-supplied input. A remote
    attacker can exploit these issues to corrupt memory and
    execute arbitrary code. (CVE-2015-4500)

  - Multiple unspecified memory corruption issues exist due
    to improper validation of user-supplied input. A remote
    attacker can exploit these issues to corrupt memory and
    execute arbitrary code. (CVE-2015-4501)

  - A flaw exists that allows scripted proxies to access the
    inner window. (CVE-2015-4502)

  - An out-of-bounds read issue exists in TCPSocket.js
    related to the sending of strings over TCPSocket. A
    remote attacker can exploit this disclose memory
    contents. (CVE-2015-4503)

  - An out-of-bounds read error exists in the QCMS color
    management library that is triggered when manipulating
    an image with specific attributes in its ICC V4 profile.
    A remote attacker can exploit this to cause a denial of
    service condition or to disclose sensitive information.
    (CVE-2015-4504)

  - A flaw exists in the Mozilla updater that allows a local
    attacker to replace arbitrary files on the system,
    resulting in the execution of arbitrary code.
    (CVE-2015-4505)

  - A buffer overflow condition exists in the libvpx
    component when parsing vp9 format video. A remote
    attacker can exploit this, via a specially crafted vp9
    format video, to execute arbitrary code. (CVE-2015-4506)

  - A flaw exists in the debugger API that is triggered when
    using the debugger with SavedStacks in JavaScript. An
    attacker can exploit this to cause a denial of service
    condition. (CVE-2015-4507)

  - A flaw exists in reader mode that allows an attacker to
    spoof the URL displayed in the address bar.
    (CVE-2015-4508)

  - A user-after-free error exists when manipulating HTML
    media elements on a page during script manipulation of
    the URI table of these elements. An attacker can exploit
    this to cause a denial of service condition.
    (CVE-2015-4509)

  - A use-after-free error exists when using a shared worker
    with IndexedDB due to a race condition with the worker.
    A remote attacker can exploit this, via specially
    crafted content, to cause a denial of service condition.
    (CVE-2015-4510)

  - A buffer overflow condition exists in the nestegg
    library when decoding a WebM format video with
    maliciously formatted headers. An attacker can exploit
    this to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2015-4511)

  - An out-of-bounds read error exists during 2D canvas
    rendering due to an issue in the cairo graphics library.
    An attacker can exploit this to read random memory,
    resulting in the disclosure of sensitive information.
    (CVE-2015-4512)

  - A security bypass vulnerability exists due to a flaw in
    Gecko's implementation of the ECMAScript 5 API. An
    attacker can exploit this to run web content in a
    privileged context, resulting in the execution of
    arbitrary code. (CVE-2015-4516)

  - A memory corruption issue exists in NetworkUtils.cpp. An
    attacker can potentially exploit this issue to cause a
    denial of service condition or to execute arbitrary
    code. (CVE-2015-4517)

  - An information disclosure vulnerability exists due to a
    flaw that occurs when a previously loaded image on a
    page is dropped into content after a redirect, resulting
    in the redirected URL being available to scripts.
    (CVE-2015-4519)

  - Multiple security bypass vulnerabilities exist due to
    errors in the handling of CORS preflight request
    headers. (CVE-2015-4520)

  - A memory corruption issue exists in the
    ConvertDialogOptions() function. An attacker can
    potentially exploit this issue to cause a denial of
    service condition or to execute arbitrary code.
    (CVE-2015-4521)

  - An overflow condition exists in the GetMaxLength()
    function. An attacker can potentially exploit this to
    cause a denial of service condition or to execute
    arbitrary code. (CVE-2015-4522)

  - An overflow condition exists in the GrowBy() function.
    An attacker can potentially exploit this to cause a
    denial of service condition or to execute arbitrary
    code. (CVE-2015-7174)

  - An overflow condition exists in the AddText() function.
    An attacker can potentially exploit this to cause a
    denial of service condition or to execute arbitrary
    code. (CVE-2015-7175)

  - A stack overflow condition exists in the
    AnimationThread() function due to a bad sscanf
    argument. An attacker can potentially exploit this to
    cause a denial of service condition or to execute
    arbitrary code. (CVE-2015-7176)

  - A memory corruption issue exists in the InitTextures()
    function. An attacker can potentially exploit this issue
    to cause a denial of service condition or to execute
    arbitrary code. (CVE-2015-7177)

  - An out-of-bounds memory error exists in the
    linkAttributes() function when manipulating shaders. An
    attacker can potentially exploit this issue to cause a
    denial of service condition or to execute arbitrary
    code. (CVE-2015-7178)

  - An overflow condition exists in the reserveVertexSpace()
    function due to an insufficient allocation of memory for
    a shader attribute array. An attacker can potentially
    exploit this issue to cause a denial of service
    condition or to execute arbitrary code. (CVE-2015-7179)

  - A memory corruption issue exists in
    ReadbackResultWriterD3D11::Run due to mishandling of the
    return status. An attacker can potentially exploit this
    issue to cause a denial of service condition or to
    execute arbitrary code. (CVE-2015-7180)

  - An unspecified flaw exists in the nsPerformance::Now()
    function in dom/base/nsPerformance.cpp that allows an
    attacker to use a side-channel attack to disclose
    sensitive information. (CVE-2015-7327)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/");
  script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 41 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'41', severity:SECURITY_HOLE, xss:FALSE);
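
The plugin's detection logic is a single call to mozilla_check_version(): every non-ESR Firefox install found in the KB is compared numerically against fix '41'. The following is an added example (not Tenable's code and not the contents of mozilla_version.inc) that reimplements that comparison in Python so the behaviour can be reasoned about offline; it assumes, as mozilla_version.inc's esr:FALSE suggests, that ESR builds are left to the separate ESR plugin, and the install dictionary is constructed sample input.

```python
import re
from typing import Dict, List, Tuple

# Fix release used by this plugin (MOZILLA_FIREFOX_41_0_0.NASL).
FIX_VERSION = "41"

# Dotted numeric version with an optional "esr" suffix, e.g. "40.0.3", "38.3.0esr".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[List[int], bool]:
    """Return (numeric components, is_esr) for a Mozilla version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable Firefox version: {version!r}")
    numbers = [int(part) for part in m.group(1).split(".")]
    return numbers, m.group(2) is not None


def compare_versions(a: str, b: str) -> int:
    """Component-wise numeric comparison: -1, 0 or 1.

    String comparison would rank '9.0' above '41.0'; missing trailing
    components count as zero so that '41' equals '41.0.0'."""
    na, _ = parse_version(a)
    nb, _ = parse_version(b)
    width = max(len(na), len(nb))
    na = na + [0] * (width - len(na))
    nb = nb + [0] * (width - len(nb))
    return (na > nb) - (na < nb)


def is_affected(installed: str, fix: str = FIX_VERSION, esr: bool = False) -> bool:
    """Mirror the plugin's check: flag a build only when it is on the release
    train this plugin covers (esr=False means non-ESR) and older than the fix.
    Assumption: ESR installs are skipped here and judged by the ESR plugin."""
    _, is_esr = parse_version(installed)
    if is_esr != esr:
        return False
    return compare_versions(installed, fix) < 0


def triage(installs: Dict[str, str]) -> Dict[str, str]:
    """Given {install_path: version} (constructed sample input), return the
    installs that this plugin would report as vulnerable."""
    return {path: ver for path, ver in installs.items() if is_affected(ver)}


if __name__ == "__main__":
    sample = {  # constructed sample data, not scanner output
        r"C:\Program Files\Mozilla Firefox": "40.0.3",
        r"C:\Program Files (x86)\Mozilla Firefox": "41.0",
        r"C:\Firefox ESR": "38.2.1esr",
    }
    print(triage(sample))
```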

Vendor    Product    Version    CPE
mozilla   firefox    -          cpe:/a:mozilla:firefox
