Facebook Google Plus Twitter LinkedIn YouTube RSS Menú Buscar Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 52 Multiple Vulnerabilities

Critical

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 52 are unpatched for the following vulnerabilities :

- A flaw exists that is triggered when using a JIT-spray targeting 'asm.js' in conjunction with a heap spray that may allow a context-dependent attacker to bypass the Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) protection mechanisms. (OSVDB 153143) - A flaw exists in the 'txMozillaXMLOutput::createResultDocument()' function in 'dom/xslt/xslt/txMozillaXMLOutput.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153144) - An unspecified flaw exists in 'dom/network/UDPSocketParent.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153145) - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153146, OSVDB 153148, OSVDB 153152, OSVDB 153153, OSVDB 153156, OSVDB 153161, OSVDB 153162, OSVDB 153163, OSVDB 153166, OSVDB 153167, OSVDB 153171, OSVDB 153172, OSVDB 153173, OSVDB 153174, OSVDB 153177, OSVDB 153183) - An unspecified flaw exists in 'js/src/jit/arm/MacroAssembler-arm.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153147) - A flaw exists in the 'nsDocShell::CreateAboutBlankContentViewer()' function in 'docshell/base/nsDocShell.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153149) - An unspecified flaw exists that is triggered as certain input is not properly validated when handling SMIL RAII objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153150) - An unspecified flaw exists that is triggered as certain input is not properly validated when handling accessibles. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153151) - A flaw exists in the 'trace()' function in 'xpcom/base/CycleCollectedJSContext.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153154) - An integer underflow condition exists in the 'apply_lookup()' function in 'hb-ot-layout-gsubgpos-private.hh' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code. (OSVDB 153155) - A flaw exists in the 'nsWebBrowser::RemoveWebBrowserListener()' function in 'embedding/browser/nsWebBrowser.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153157) - An unspecified flaw exists in 'dom/u2f/U2F.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153158) - A flaw exists in the 'Element::DescribeAttribute()' function in 'dom/base/Element.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153159) - A flaw exists in 'xpcom/ds/nsSupportsArray.cpp' that is triggered when handling 'nsISupportsArrays'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153160) - An unspecified flaw exists in 'dom/workers/ServiceWorkerPrivate.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153164) - An unspecified flaw exists in 'layout/printing/nsPrintEngine.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153165) - A flaw exists in 'netwerk/cache2/CacheIndex.cpp' that is triggered when handling cache index serialization. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153168) - An unspecified flaw exists in 'media/webrtc/trunk/webrtc/modules/video_coding/rtt_filter.cc' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153169) - An unspecified flaw exists related to the camera system service that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153170) - A flaw exists in 'js/src/jsgc.cpp' that is triggered as certain input is not properly validated when handling zone groups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153175) - An unspecified flaw exists in 'netwerk/streamconv/converters/nsMultiMixedConv.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153176) - A flaw exists in 'netwerk/cache/nsDiskCacheDeviceSQL.cpp' that is triggered when handling cache eviction. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153178) - A use-after-free condition exists that is triggered when handling NPAPI plugin references. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153179) - A flaw exists in 'dom/base/nsDocument.cpp' that is triggered when handling frame request callbacks rescheduling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153180) - A flaw exists in the 'js::array_sort()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153181) - A flaw exists in the 'cairo_cff_font_write_cid_fontdict()' function in 'cairo-cff-subset.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code. (OSVDB 153182) - A use-after-free error exists that is triggered when using addRange to add the range to an incorrect root object. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153189) - A use-after-free error exists in the 'FontFaceSet' class in 'layout/style/FontFaceSet.cpp' that is triggered when handling events for FontFace objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153190) - A flaw exists in the JavaScript Garbage Collection mechanism that is triggered during incremental sweeping on memory cleanups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153191) - A flaw exists in 'dom/bindings/ErrorResult.h' that is triggered when handling 'ErrorResult' references. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 153192) - A use-after-free error exists that is triggered when handling ranges in selections with one node inside and one node outside of a native anonymous tree. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 153193) - An out-of-bounds read flaw exists that is triggered when handling SVG filter color value operations. This may allow a context-dependent attacker to potentially disclose sensitive memory contents. (OSVDB 153194) - A flaw exists in the 'HTMLTrackElement::LoadResource()' function in 'dom/html/HTMLTrackElement.cpp' that is triggered as CORS headers are not checked when loading video captions. This may allow a context-dependent attacker to disclose video captions. (OSVDB 153195) - A path truncation flaw exist in the 'NS_main()' function in 'toolkit/mozapps/update/updater/updater.cpp' that is triggered when passing callback parameters through the Mozilla Maintenance Service. This may allow a local attacker to delete arbitrary files with elevated privileges. (OSVDB 153196) - A flaw exists in the 'FilterNodeLightingSoftware::SetAttribute()' function template in 'gfx/2d/FilterNodeSoftware.cpp' that is triggered when handling subnormal surfaceScale values. With a specially crafted SVG filter, a context-dependent attacker can perform a side-channel attack, potentially resulting in disclosure of history information or text values across domains. (OSVDB 153198) - An out-of-bounds access flaw exists that is triggered when handling bidirectional layout operations. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (OSVDB 153203) - A flaw exists in the 'Location' class in 'dom/base/Location.cpp' that is triggered when using a Blob URL. This may allow a context-dependent attacker to spoof the address bar. (OSVDB 153204) - A flaw exists in the 'HTMLInputElement' class in 'dom/html/HTMLInputElement.cpp' that is triggered when handling the local default directory for a file picker dialog. This may allow a context-dependent attacker to disclose information e.g. about the operating system or the local account name. (OSVDB 153205)

Soluciones

Upgrade to Firefox version 52 or later.