Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_45_3_ESR.NASL
HistoryAug 05, 2016 - 12:00 a.m.

Firefox ESR 45.x < 45.3 Multiple Vulnerabilities

2016-08-0500:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

The version of Firefox ESR installed on the remote Windows host is 45.x prior to 45.3. It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability exists due to a failure to close connections after requesting favicons.
    An attacker can exploit this to continue to send requests to the user’s browser and disclose sensitive information.(CVE-2016-2830)

  • Multiple memory corruption issues exist due to improper validation of user-supplied input. An attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-2835, CVE-2016-2836)

  • An overflow condition exists in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API due to improper validation of user-supplied input. An attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    (CVE-2016-2837)

  • An overflow condition exists in the ProcessPDI() function in layout/base/nsBidi.cpp due to improper validation of user-supplied input. An attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-2838)

  • An underflow condition exists in the BasePoint4d() function in gfx/2d/Matrix.h due to improper validation of user-supplied input when calculating clipping regions in 2D graphics. A remote attacker can exploit this to cause a stack-based buffer underflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5252)

  • A use-after-free error exists in the KeyDown() function in layout/xul/nsXULPopupManager.cpp when using the alt key in conjunction with top level menu items. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5254)

  • A use-after-free error exists in WebRTC that is triggered when handling DTLS objects. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5258)

  • A use-after-free error exists in the DestroySyncLoop() function in dom/workers/WorkerPrivate.cpp that is triggered when handling nested sync event loops in Service Workers. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
    (CVE-2016-5259)

  • A security bypass vulnerability exists due to event handler attributes on a <marquee> tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. An attacker can exploit this to bypass cross-site scripting protection mechanisms.
    (CVE-2016-5262)

  • A type confusion flaw exists in the HitTest() function in nsDisplayList.cpp when handling display transformations. An attacker can exploit this to execute arbitrary code. (CVE-2016-5263)

  • A use-after-free error exists in the NativeAnonymousChildListChange() function when applying effects to SVG elements. An attacker can exploit this to dereference already freed memory, resulting in a denial of service condition or the execution of arbitrary code.
    (CVE-2016-5264)

  • A flaw exists in the Redirect() function in nsBaseChannel.cpp that is triggered when a malicious shortcut is called from the same directory as a local HTML file. An attacker can exploit this to bypass the same-origin policy. (CVE-2016-5265)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92754);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id(
    "CVE-2016-2830",
    "CVE-2016-2835",
    "CVE-2016-2836",
    "CVE-2016-2837",
    "CVE-2016-2838",
    "CVE-2016-5252",
    "CVE-2016-5254",
    "CVE-2016-5258",
    "CVE-2016-5259",
    "CVE-2016-5262",
    "CVE-2016-5263",
    "CVE-2016-5264",
    "CVE-2016-5265"
  );
  script_bugtraq_id(92258, 92261);
  script_xref(name:"MFSA", value:"2016-62");
  script_xref(name:"MFSA", value:"2016-63");
  script_xref(name:"MFSA", value:"2016-64");
  script_xref(name:"MFSA", value:"2016-67");
  script_xref(name:"MFSA", value:"2016-68");
  script_xref(name:"MFSA", value:"2016-70");
  script_xref(name:"MFSA", value:"2016-72");
  script_xref(name:"MFSA", value:"2016-73");
  script_xref(name:"MFSA", value:"2016-76");
  script_xref(name:"MFSA", value:"2016-77");
  script_xref(name:"MFSA", value:"2016-78");
  script_xref(name:"MFSA", value:"2016-79");
  script_xref(name:"MFSA", value:"2016-80");

  script_name(english:"Firefox ESR 45.x < 45.3 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR installed on the remote Windows host is
45.x prior to 45.3. It is, therefore, affected by multiple
vulnerabilities :

  - An information disclosure vulnerability exists due to a
    failure to close connections after requesting favicons.
    An attacker can exploit this to continue to send
    requests to the user's browser and disclose sensitive
    information.(CVE-2016-2830)

  - Multiple memory corruption issues exist due to improper
    validation of user-supplied input. An attacker can
    exploit these issues to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2016-2835, CVE-2016-2836)

  - An overflow condition exists in the ClearKey Content
    Decryption Module (CDM) used by the Encrypted Media
    Extensions (EME) API due to improper validation of
    user-supplied input. An attacker can exploit this to
    cause a buffer overflow, resulting in a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-2837)

  - An overflow condition exists in the ProcessPDI()
    function in layout/base/nsBidi.cpp due to improper
    validation of user-supplied input. An attacker can
    exploit this to cause a heap-based buffer overflow,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-2838)

  - An underflow condition exists in the BasePoint4d()
    function in gfx/2d/Matrix.h due to improper validation
    of user-supplied input when calculating clipping regions
    in 2D graphics. A remote attacker can exploit this to
    cause a stack-based buffer underflow, resulting in a
    denial of service condition or the execution of
    arbitrary code. (CVE-2016-5252)

  - A use-after-free error exists in the KeyDown() function
    in layout/xul/nsXULPopupManager.cpp when using the alt
    key in conjunction with top level menu items. An
    attacker can exploit this to dereference already freed
    memory, resulting in a denial of service condition or
    the execution of arbitrary code. (CVE-2016-5254)

  - A use-after-free error exists in WebRTC that is
    triggered when handling DTLS objects. An attacker can
    exploit this to dereference already freed memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2016-5258)

  - A use-after-free error exists in the DestroySyncLoop()
    function in dom/workers/WorkerPrivate.cpp that is
    triggered when handling nested sync event loops in
    Service Workers. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5259)

  - A security bypass vulnerability exists due to event
    handler attributes on a <marquee> tag being executed
    inside a sandboxed iframe that does not have the
    allow-scripts flag set. An attacker can exploit this to
    bypass cross-site scripting protection mechanisms.
    (CVE-2016-5262)

  - A type confusion flaw exists in the HitTest() function
    in nsDisplayList.cpp when handling display
    transformations. An attacker can exploit this to execute
    arbitrary code. (CVE-2016-5263)

  - A use-after-free error exists in the
    NativeAnonymousChildListChange() function when applying
    effects to SVG elements. An attacker can exploit this to
    dereference already freed memory, resulting in a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-5264)

  - A flaw exists in the Redirect() function in
    nsBaseChannel.cpp that is triggered when a malicious 
    shortcut is called from the same directory as a local
    HTML file. An attacker can exploit this to bypass the
    same-origin policy. (CVE-2016-5265)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox ESR version 45.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5254");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.3', min:'45.0', severity:SECURITY_HOLE, xss:TRUE);
VendorProductVersionCPE
mozillafirefox_esrcpe:/a:mozilla:firefox_esr

References

Related

nessus 28
openvas 22
debian 4
osv 1
oraclelinux 2
ibm 2
centos 2
mageia 2
redhat 2
suse 5
archlinux 2
ubuntu 2
kaspersky 1
freebsd 1
mozilla 12
ubuntucve 13
prion 13
debiancve 13
veracode 12
redhatcve 13
cve 13
zdi 1
gentoo 1
nessus
nessus
RHEL 5 / 6 / 7 : firefox (RHSA-2016:1551)
2016-08-04 00:00:00
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-1551)
2016-08-04 00:00:00
Debian DLA-585-1 : firefox-esr security update
2016-08-05 00:00:00
openvas
openvas
Debian Security Advisory DSA 3640-1 (firefox-esr - security update)
2016-08-03 00:00:00
CentOS Update for firefox CESA-2016:1551 centos7
2016-08-08 00:00:00
Debian Security Advisory DSA 3640-1 (firefox-esr - security update)
2016-08-03 00:00:00
debian
debian
[SECURITY] [DLA 585-1] firefox-esr security update
2016-08-04 08:55:22
[SECURITY] [DSA 3640-1] firefox-esr security update
2016-08-03 19:02:42
[SECURITY] [DLA 640-1] icedove security update
2016-09-30 12:53:41
osv
osv
firefox-esr - security update
2016-08-04 00:00:00
oraclelinux
oraclelinux
firefox security update
2016-08-03 00:00:00
thunderbird security update
2016-09-05 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.
2018-06-18 00:28:14
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS.
2018-06-18 00:28:14
centos
centos
firefox security update
2016-08-03 13:34:44
thunderbird security update
2016-09-06 00:52:40
mageia
mageia
Updated firefox packages fix security vulnerability
2016-08-09 11:58:37
Updated thunderbird packages fix security vulnerability
2016-09-28 08:59:24
redhat
redhat
(RHSA-2016:1551) Critical: firefox security update
2016-08-03 04:36:50
(RHSA-2016:1809) Important: thunderbird security update
2016-09-05 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2016-08-30 19:09:51
Security update for MozillaFirefox (important)
2016-08-22 20:09:28
Security update for MozillaFirefox, mozilla-nss (important)
2016-08-05 01:09:19
archlinux
archlinux
firefox: multiple issues
2016-08-05 00:00:00
thunderbird: arbitrary code execution
2016-09-04 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-08-05 00:00:00
Thunderbird vulnerabilities
2016-09-22 00:00:00
kaspersky
kaspersky
KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-08-02 00:00:00
freebsd
freebsd
Mozilla -- multiple vulnerabilities
2016-08-02 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) — Mozilla
2016-08-02 00:00:00
Type confusion in display transformation — Mozilla
2016-08-02 00:00:00
Use-after-free when applying SVG effects — Mozilla
2016-08-02 00:00:00
ubuntucve
ubuntucve
CVE-2016-5264
2016-08-03 00:00:00
CVE-2016-5263
2016-08-03 00:00:00
CVE-2016-5265
2016-08-03 00:00:00
prion
prion
Design/Logic Flaw
2016-08-05 01:59:00
Type confusion
2016-08-05 01:59:00
Design/Logic Flaw
2016-08-05 01:59:00
debiancve
debiancve
CVE-2016-5264
2016-08-05 01:59:00
CVE-2016-5263
2016-08-05 01:59:00
CVE-2016-2835
2016-08-05 01:59:00
veracode
veracode
Use-After-Free
2019-05-02 05:46:13
Arbitrary Code Execution
2019-05-02 05:46:13
Use-After-Free
2019-05-02 05:46:12
redhatcve
redhatcve
CVE-2016-5264
2016-08-03 04:49:08
CVE-2016-5263
2016-08-03 04:48:56
CVE-2016-5254
2020-04-08 22:15:09
cve
cve
CVE-2016-5263
2016-08-05 01:59:00
CVE-2016-5259
2016-08-05 01:59:00
CVE-2016-2835
2016-08-05 01:59:00
zdi
zdi
Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability
2016-12-19 00:00:00
gentoo
gentoo
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
2017-01-03 00:00:00
JSON
Related for MOZILLA_FIREFOX_45_3_ESR.NASL
nessus28openvas22debian4osv1oraclelinux2ibm2centos2mageia2redhat2suse5archlinux2ubuntu2kaspersky1freebsd1mozilla12ubuntucve13prion13debiancve13veracode12redhatcve13cve13zdi1gentoo1