Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_45_9_ESR.NASL
HistoryApr 24, 2017 - 12:00 a.m.

Mozilla Firefox ESR 45.x < 45.9 Multiple Vulnerabilities

2017-04-2400:00:00
This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

9.8 High

AI Score

Confidence

High

JSON

The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.9. It is, therefore, affected by the following vulnerabilities :

  • Multiple buffer overflow conditions exist in the FLEX generated code due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-6354, CVE-2017-5469)

  • Multiple flaws exist in the Libevent library, within files evdns.c and evutil.c, due to improper validation of input when handling IP address strings, empty base name strings, and DNS packets. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197)

  • Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-5429)

  • A use-after-free error exists in input text selection that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5432)

  • A use-after-free error exists in the SMIL animation functions when handling animation elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5433)

  • A use-after-free error exists when redirecting focus handling that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5434)

  • A use-after-free error exists in design mode interactions when handling transaction processing in the editor. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5435)

  • An out-of-bounds write error exists in the Graphite 2 library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5436)

  • A use-after-free error exists in the nsAutoPtr() function during XSLT processing due to the result handler being held by a freed handler. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5438)

  • A use-after-free error exists in the Length() function in nsTArray when handling template parameters during XSLT processing. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5439)

  • A use-after-free error exists in the txExecutionState destructor when processing XSLT content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5440)

  • A use-after-free error exists when holding a selection during scroll events. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2017-5441)

  • A use-after-free error exists when changing styles in DOM elements that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5442)

  • An out-of-bounds write error exists while decoding improperly formed BinHex format archives that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  • A buffer overflow condition exists while parsing application/http-index-format format content due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via improperly formatted data, to disclose out-of-bounds memory content. (CVE-2017-5444)

  • A flaw exists in nsDirIndexParser.cpp when parsing application/http-index-format format content in which uninitialized values are used to create an array. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-5445)

  • An out-of-bounds read error exists when handling HTTP/2 DATA connections to a server that sends DATA frames with incorrect content. An unauthenticated, remote attacker can exploit to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-5446)

  • An out-of-bounds read error exists when processing glyph widths during text layout. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents.
    (CVE-2017-5447)

  • An out-of-bounds write error exists in the ClearKeyDecryptor::Decrypt() function within file ClearKeyDecryptionManager.cpp when decrypting Clearkey-encrypted media content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary mechanism can be used to escape the Gecko Media Plugin (GMP) sandbox. (CVE-2017-5448)

  • A buffer overflow condition exists in WebGL when handling web content due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5459)

  • A use-after-free error exists in frame selection when handling a specially crafted combination of script content and key presses by the user. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  • An out-of-bounds write error exists in the Network Security Services (NSS) library during Base64 decoding operations due to insufficient memory being allocated to a buffer. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5461)

  • A flaw exists in the Network Security Services (NSS) library during DRBG number generation due to the internal state V not correctly carrying bits over. An unauthenticated, remote attacker can exploit this to potentially cause predictable random number generation.
    (CVE-2017-5462)

  • A flaw exists when making changes to DOM content in the accessibility tree due to improper validation of certain input, which can lead to the DOM tree becoming out of sync with the accessibility tree. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5464)

  • An out-of-bounds read error exists in ConvolvePixel when processing SVG content, which allows for otherwise inaccessible memory being copied into SVG graphic content. An unauthenticated, remote attacker can exploit this to disclose memory contents or cause a denial of service condition. (CVE-2017-5465)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99630);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");

  script_cve_id(
    "CVE-2016-6354",
    "CVE-2016-10195",
    "CVE-2016-10196",
    "CVE-2016-10197",
    "CVE-2017-5429",
    "CVE-2017-5432",
    "CVE-2017-5433",
    "CVE-2017-5434",
    "CVE-2017-5435",
    "CVE-2017-5436",
    "CVE-2017-5438",
    "CVE-2017-5439",
    "CVE-2017-5440",
    "CVE-2017-5441",
    "CVE-2017-5442",
    "CVE-2017-5443",
    "CVE-2017-5444",
    "CVE-2017-5445",
    "CVE-2017-5446",
    "CVE-2017-5447",
    "CVE-2017-5448",
    "CVE-2017-5459",
    "CVE-2017-5460",
    "CVE-2017-5461",
    "CVE-2017-5462",
    "CVE-2017-5464",
    "CVE-2017-5465",
    "CVE-2017-5469"
  );
  script_bugtraq_id(92141, 96014, 97940);
  script_xref(name:"MFSA", value:"2017-11");

  script_name(english:"Mozilla Firefox ESR 45.x < 45.9 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox ESR installed on the remote Windows
host is 45.x prior to 45.9. It is, therefore, affected by the
following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX
    generated code due to improper validation of certain
    input. An unauthenticated, remote attacker can exploit
    these to execute arbitrary code. (CVE-2016-6354,
    CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within
    files evdns.c and evutil.c, due to improper validation
    of input when handling IP address strings, empty base
    name strings, and DNS packets. An unauthenticated,
    remote attacker can exploit these to cause a denial of
    service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197)

  - Multiple memory corruption issues exist that allow an
    unauthenticated, remote attacker to execute arbitrary
    code. (CVE-2017-5429)

  - A use-after-free error exists in input text selection
    that allows an unauthenticated, remote attacker to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation
    functions when handling animation elements. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus
    handling that allows an unauthenticated, remote attacker
    to cause a denial of service condition or the execution
    of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode
    interactions when handling transaction processing in
    the editor. An unauthenticated, remote attacker can
    exploit this to cause a denial of service condition or
    the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2
    library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()
    function during XSLT processing due to the result
    handler being held by a freed handler. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function
    in nsTArray when handling template parameters during
    XSLT processing. An unauthenticated, remote attacker can
    exploit this to cause a denial of service condition or
    the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState
    destructor when processing XSLT content. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection
    during scroll events. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in
    DOM elements that allows an unauthenticated, remote
    attacker to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding
    improperly formed BinHex format archives that allows an
    unauthenticated, remote attacker to cause a denial of
    service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing
    application/http-index-format format content due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, via
    improperly formatted data, to disclose out-of-bounds
    memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing
    application/http-index-format format content in which
    uninitialized values are used to create an array. An
    unauthenticated, remote attacker can exploit this to
    disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2
    DATA connections to a server that sends DATA frames with
    incorrect content. An unauthenticated, remote attacker
    can exploit to cause a denial of service condition or
    the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph
    widths during text layout. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the
    ClearKeyDecryptor::Decrypt() function within file
    ClearKeyDecryptionManager.cpp when decrypting
    Clearkey-encrypted media content. An unauthenticated,
    remote attacker can exploit this to cause a denial of
    service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary
    mechanism can be used to escape the Gecko Media Plugin
    (GMP) sandbox. (CVE-2017-5448)

  - A buffer overflow condition exists in WebGL when
    handling web content due to improper validation of
    certain input. An unauthenticated, remote attacker can
    exploit this to cause a denial of service condition or
    the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when
    handling a specially crafted combination of script
    content and key presses by the user. An unauthenticated,
    remote attacker can exploit this to cause a denial of
    service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network
    Security Services (NSS) library during Base64 decoding
    operations due to insufficient memory being allocated to
    a buffer. An unauthenticated, remote attacker can
    exploit this to cause a denial of service condition or
    the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)
    library during DRBG number generation due to the
    internal state V not correctly carrying bits over. An
    unauthenticated, remote attacker can exploit this to
    potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the
    accessibility tree due to improper validation of certain
    input, which can lead to the DOM tree becoming out of
    sync with the accessibility tree. An unauthenticated,
    remote attacker can exploit this to corrupt memory,
    resulting in a denial of service condition or the
    execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when
    processing SVG content, which allows for otherwise
    inaccessible memory being copied into SVG graphic
    content. An unauthenticated, remote attacker can exploit
    this to disclose memory contents or cause a denial of
    service condition. (CVE-2017-5465)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox ESR version 45.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5469");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.9', min:'45.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefox_esrcpe:/a:mozilla:firefox_esr

References

Related

mozilla 4
openvas 41
debian 10
nessus 70
altlinux 3
ibm 2
osv 7
mageia 4
redhat 3
centos 3
oraclelinux 3
kaspersky 2
suse 6
ubuntu 4
archlinux 1
freebsd 3
huawei 1
gentoo 4
cloudfoundry 1
redhatcve 4
cve 5
debiancve 4
prion 3
ubuntucve 4
rosalinux 1
photon 1
fedora 2
veracode 2
alpinelinux 1
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
2017-04-19 00:00:00
Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla
2017-04-30 00:00:00
Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla
2017-04-19 00:00:00
openvas
openvas
Mozilla Firefox ESR Security Updates(mfsa_2017-10_2017-11)-Windows
2017-04-20 00:00:00
Debian Security Advisory DSA 3831-1 (firefox-esr - security update)
2017-04-20 00:00:00
Mozilla Firefox ESR Security Updates(mfsa_2017-10_2017-11)-MAC OS X
2017-04-20 00:00:00
debian
debian
[SECURITY] [DLA 906-1] firefox-esr security update
2017-04-21 17:26:13
[SECURITY] [DSA 3831-1] firefox-esr security update
2017-04-19 22:40:29
[SECURITY] [DSA 3789-1] libevent security update
2017-02-15 14:20:08
nessus
nessus
Debian DSA-3831-1 : firefox-esr - security update
2017-04-20 00:00:00
Mozilla Firefox ESR 45.x < 45.9 Multiple Vulnerabilities (macOS)
2017-04-24 00:00:00
Debian DLA-906-1 : firefox-esr security update
2017-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 45.9.0-alt1
2017-04-20 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 52.1.0-alt1
2017-05-02 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1
2017-05-08 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS.
2018-06-18 00:35:15
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified
2018-06-18 00:35:38
osv
osv
firefox-esr - security update
2017-04-20 00:00:00
firefox-esr - security update
2017-04-21 00:00:00
libevent - security update
2017-02-15 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2017-04-28 01:21:29
Updated thunderbird packages fix security vulnerability
2017-05-10 23:47:44
Updated libevent packages fix security vulnerability
2017-02-27 01:02:17
redhat
redhat
(RHSA-2017:1104) Critical: firefox security update
2017-04-20 06:59:53
(RHSA-2017:1201) Important: thunderbird security update
2017-05-08 05:16:37
(RHSA-2017:1106) Critical: firefox security update
2017-04-20 08:50:13
centos
centos
firefox security update
2017-04-20 22:44:21
thunderbird security update
2017-05-09 17:01:33
firefox security update
2017-04-20 23:21:25
oraclelinux
oraclelinux
firefox security update
2017-04-20 00:00:00
thunderbird security update
2017-05-08 00:00:00
firefox security update
2017-04-20 00:00:00
kaspersky
kaspersky
KLA11007 Multiple vulnerabilities in Mozilla Thunderbird
2017-04-30 00:00:00
KLA11004 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2017-04-19 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (important)
2017-05-11 21:15:07
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (important)
2017-05-04 15:13:58
Security update for Mozilla Firefox (important)
2017-04-25 00:08:46
ubuntu
ubuntu
Thunderbird vulnerabilities
2017-05-16 00:00:00
Firefox regression
2017-05-11 00:00:00
Firefox vulnerabilities
2017-04-21 00:00:00
archlinux
archlinux
[ASA-201704-6] firefox: multiple issues
2017-04-21 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-04-19 00:00:00
libevent -- multiple vulnerabilities
2017-01-31 00:00:00
NSS -- multiple vulnerabilities
2017-03-17 00:00:00
huawei
huawei
Security Advisory - Three Vulnerabilities in Huawei GaussDB
2017-10-25 00:00:00
gentoo
gentoo
libevent: Multiple vulnerabilities
2017-05-07 00:00:00
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-05-07 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2018-02-20 00:00:00
cloudfoundry
cloudfoundry
USN-3228-1: libevent vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
redhatcve
redhatcve
CVE-2017-5437
2017-04-20 06:20:11
CVE-2017-5469
2019-10-07 14:30:09
CVE-2016-6354
2016-07-27 12:19:07
cve
cve
CVE-2017-5437
2017-04-25 21:59:00
CVE-2017-5469
2018-06-11 21:29:00
CVE-2016-10196
2017-03-15 15:59:00
debiancve
debiancve
CVE-2017-5469
2018-06-11 21:29:00
CVE-2016-6354
2016-09-21 14:25:00
CVE-2016-10195
2017-03-15 15:59:00
prion
prion
Buffer overflow
2018-06-11 21:29:00
Heap overflow
2016-09-21 14:25:00
Stack overflow
2017-03-15 15:59:00
ubuntucve
ubuntucve
CVE-2017-5469
2017-04-20 00:00:00
CVE-2016-6354
2016-09-21 00:00:00
CVE-2016-10196
2016-12-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1869
2021-07-02 17:13:48
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0379
2023-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: flex-2.6.0-2.fc24
2016-08-08 20:35:39
[SECURITY] Fedora 23 Update: flex-2.6.0-2.fc23
2016-12-10 02:52:30
veracode
veracode
Stack-based Buffer Overflow
2019-05-02 06:09:59
Out-of-bounds Read
2019-05-02 06:09:59
alpinelinux
alpinelinux
CVE-2016-6354
2016-09-21 14:25:00

9.8 High

AI Score

Confidence

High

JSON
Related for MOZILLA_FIREFOX_45_9_ESR.NASL
mozilla4openvas41debian10nessus70altlinux3ibm2osv7mageia4redhat3centos3oraclelinux3kaspersky2suse6ubuntu4archlinux1freebsd3huawei1gentoo4cloudfoundry1redhatcve4cve5debiancve4prion3ubuntucve4rosalinux1photon1fedora2veracode2alpinelinux1