Vulnerabilities > CVE-2015-4501 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-119
nessus

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
293

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1680-1.NASL
    descriptionMozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86307
    published2015-10-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86307
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1680-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86307);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-4500", "CVE-2015-4501", "CVE-2015-4506", "CVE-2015-4509", "CVE-2015-4511", "CVE-2015-4517", "CVE-2015-4519", "CVE-2015-4520", "CVE-2015-4521", "CVE-2015-4522", "CVE-2015-7174", "CVE-2015-7175", "CVE-2015-7176", "CVE-2015-7177", "CVE-2015-7180");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing
    bugs and security issues.
    
      - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous
        memory safety hazards (rv:41.0 / rv:38.3)
    
      - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx
        while parsing vp9 format video
    
      - MFSA 2015-105/CVE-2015-4511 Buffer overflow while
        decoding WebM video
    
      - MFSA 2015-106/CVE-2015-4509 Use-after-free while
        manipulating HTML media content
    
      - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images
        exposes final URL after redirects
    
      - MFSA 2015-111/CVE-2015-4520 Errors in the handling of
        CORS preflight request headers
    
      - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
        CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
        CVE-2015-7180 Vulnerabilities found through code
        inspection
    
    More details can be found on
    https://www.mozilla.org/en-US/security/advisories/
    
    The Mozilla NSPR library was updated to version 4.10.9, fixing various
    bugs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=947003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4500/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4501/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4506/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4509/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4511/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4517/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4519/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4520/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4521/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4522/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7174/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7175/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7176/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7177/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7180/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151680-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?21beff97"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-640=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-640=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debugsource-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-translations-38.3.0esr-48.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-32bit-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debuginfo-4.10.9-6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nspr-debugsource-4.10.9-6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nspr");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_38_3_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Mac OS X host is prior to 38.3. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517) - An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519) - Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520) - A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521) - An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522) - An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174) - An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175) - A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176) - A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177) - A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)
    last seen2020-06-01
    modified2020-06-02
    plugin id86068
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86068
    titleFirefox ESR < 38.3 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86068);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2015-4500",
        "CVE-2015-4501",
        "CVE-2015-4506",
        "CVE-2015-4509",
        "CVE-2015-4517",
        "CVE-2015-4519",
        "CVE-2015-4520",
        "CVE-2015-4521",
        "CVE-2015-4522",
        "CVE-2015-7174",
        "CVE-2015-7175",
        "CVE-2015-7176",
        "CVE-2015-7177",
        "CVE-2015-7180"
      );
    
      script_name(english:"Firefox ESR < 38.3 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks the version of Firefox.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Firefox ESR installed on the remote Mac OS X host is
    prior to 38.3. It is, therefore, affected by the following
    vulnerabilities :
    
      - Multiple unspecified memory corruption issues exist due
        to improper validation of user-supplied input. A remote
        attacker can exploit these issues to corrupt memory and
        execute arbitrary code. (CVE-2015-4500)
    
      - Multiple unspecified memory corruption issues exist due
        to improper validation of user-supplied input. A remote
        attacker can exploit these issues to corrupt memory and
        execute arbitrary code. (CVE-2015-4501)
    
      - A buffer overflow condition exists in the libvpx
        component when parsing vp9 format video. A remote
        attacker can exploit this, via a specially crafted vp9
        format video, to execute arbitrary code. (CVE-2015-4506)
    
      - A user-after-free error exists when manipulating HTML
        media elements on a page during script manipulation of
        the URI table of these elements. An attacker can exploit
        this to cause a denial of service condition.
        (CVE-2015-4509)
    
      - A memory corruption issue exists in NetworkUtils.cpp. An
        attacker can potentially exploit this issue to cause a
        denial of service condition or to execute arbitrary
        code. (CVE-2015-4517)
    
      - An information disclosure vulnerability exists due to a
        flaw that occurs when a previously loaded image on a
        page is dropped into content after a redirect, resulting
        in the redirected URL being available to scripts.
        (CVE-2015-4519)
    
      - Multiple security bypass vulnerabilities exist due to
        errors in the handling of CORS preflight request
        headers. (CVE-2015-4520)
    
      - A memory corruption issue exists in the
        ConvertDialogOptions() function. An attacker can
        potentially exploit this issue to cause a denial of
        service condition or to execute arbitrary code.
        (CVE-2015-4521)
    
      - An overflow condition exists in the GetMaxLength()
        function. An attacker can potentially exploit this to
        cause a denial of service condition or to execute
        arbitrary code. (CVE-2015-4522)
    
      - An overflow condition exists in the GrowBy() function.
        An attacker can potentially exploit this to cause a
        denial of service condition or to execute arbitrary
        code. (CVE-2015-7174)
    
      - An overflow condition exists in the AddText() function.
        An attacker can potentially exploit this to cause a
        denial of service condition or to execute arbitrary
        code. (CVE-2015-7175)
    
      - A stack overflow condition exists in the
        AnimationThread() function due to a bad sscanf
        argument. An attacker can potentially exploit this to
        cause a denial of service condition or to execute
        arbitrary code. (CVE-2015-7176)
    
      - A memory corruption issue exists in the InitTextures()
        function. An attacker can potentially exploit this issue
        to cause a denial of service condition or to execute
        arbitrary code. (CVE-2015-7177)
    
      - A memory corruption issue exists in
        ReadbackResultWriterD3D11::Run due to mishandling of the
        return status. An attacker can potentially exploit this
        issue to cause a denial of service condition or to
        execute arbitrary code. (CVE-2015-7180)");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox ESR 38.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7180");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    is_esr = get_kb_item(kb_base+"/is_esr");
    if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'38.3', severity:SECURITY_HOLE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_41_0_0.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 41. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502) - An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile. A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information. (CVE-2015-4504) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507) - A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar. (CVE-2015-4508) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker. A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition. (CVE-2015-4510) - A security bypass vulnerability exists due to a flaw in Gecko
    last seen2020-06-01
    modified2020-06-02
    plugin id86069
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86069
    titleFirefox < 41 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-619.NASL
    descriptionMozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed : - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards - MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers - MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes - MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme - MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater - MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript - MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode - MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB - MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content - MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems - MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window - MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed - MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection - MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library - MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API
    last seen2020-06-05
    modified2015-10-02
    plugin id86238
    published2015-10-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86238
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2015-619)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2743-4.NASL
    descriptionUSN-2743-1 fixed vulnerabilities in Firefox. After upgrading, some users reported problems with bookmark creation and crashes in some circumstances. This update fixes the problem. We apologize for the inconvenience. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) Andre Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Grobert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86291
    published2015-10-06
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86291
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2743-4)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2D56C7F4B354428F8F4838150C607A05.NASL
    descriptionThe Mozilla Project reports : MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript MFSA 2015-103 URL spoofing in reader mode MFSA 2015-104 Use-after-free with shared workers and IndexedDB MFSA 2015-105 Buffer overflow while decoding WebM video MFSA 2015-106 Use-after-free while manipulating HTML media content MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems MFSA 2015-108 Scripted proxies can access inner window MFSA 2015-109 JavaScript immutable property enforcement can be bypassed MFSA 2015-110 Dragging and dropping images exposes final URL after redirects MFSA 2015-111 Errors in the handling of CORS preflight request headers MFSA 2015-112 Vulnerabilities found through code inspection MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library MFSA 2015-114 Information disclosure via the High Resolution Time API
    last seen2020-06-01
    modified2020-06-02
    plugin id86079
    published2015-09-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86079
    titleFreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-632.NASL
    descriptionseamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an
    last seen2020-06-05
    modified2015-10-06
    plugin id86282
    published2015-10-06
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86282
    titleopenSUSE Security Update : seamonkey (openSUSE-2015-632)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_41_0_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 41. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists that allows scripted proxies to access the inner window. (CVE-2015-4502) - An out-of-bounds read issue exists in TCPSocket.js related to the sending of strings over TCPSocket. A remote attacker can exploit this disclose memory contents. (CVE-2015-4503) - An out-of-bounds read error exists in the QCMS color management library that is triggered when manipulating an image with specific attributes in its ICC V4 profile. A remote attacker can exploit this to cause a denial of service condition or to disclose sensitive information. (CVE-2015-4504) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A flaw exists in the debugger API that is triggered when using the debugger with SavedStacks in JavaScript. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4507) - A flaw exists in reader mode that allows an attacker to spoof the URL displayed in the address bar. (CVE-2015-4508) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A use-after-free error exists when using a shared worker with IndexedDB due to a race condition with the worker. A remote attacker can exploit this, via specially crafted content, to cause a denial of service condition. (CVE-2015-4510) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - An out-of-bounds read error exists during 2D canvas rendering due to an issue in the cairo graphics library. An attacker can exploit this to read random memory, resulting in the disclosure of sensitive information. (CVE-2015-4512) - A security bypass vulnerability exists due to a flaw in Gecko
    last seen2020-06-01
    modified2020-06-02
    plugin id86071
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86071
    titleFirefox < 41 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_38_3_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 38.3. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4500) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit these issues to corrupt memory and execute arbitrary code. (CVE-2015-4501) - A flaw exists in the Mozilla updater that allows a local attacker to replace arbitrary files on the system, resulting in the execution of arbitrary code. (CVE-2015-4505) - A buffer overflow condition exists in the libvpx component when parsing vp9 format video. A remote attacker can exploit this, via a specially crafted vp9 format video, to execute arbitrary code. (CVE-2015-4506) - A user-after-free error exists when manipulating HTML media elements on a page during script manipulation of the URI table of these elements. An attacker can exploit this to cause a denial of service condition. (CVE-2015-4509) - A buffer overflow condition exists in the nestegg library when decoding a WebM format video with maliciously formatted headers. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4511) - A memory corruption issue exists in NetworkUtils.cpp. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4517) - An information disclosure vulnerability exists due to a flaw that occurs when a previously loaded image on a page is dropped into content after a redirect, resulting in the redirected URL being available to scripts. (CVE-2015-4519) - Multiple security bypass vulnerabilities exist due to errors in the handling of CORS preflight request headers. (CVE-2015-4520) - A memory corruption issue exists in the ConvertDialogOptions() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4521) - An overflow condition exists in the GetMaxLength() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-4522) - An overflow condition exists in the GrowBy() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7174) - An overflow condition exists in the AddText() function. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7175) - A stack overflow condition exists in the AnimationThread() function due to a bad sscanf argument. An attacker can potentially exploit this to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7176) - A memory corruption issue exists in the InitTextures() function. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7177) - An out-of-bounds memory error exists in the linkAttributes() function when manipulating shaders. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7178) - An overflow condition exists in the reserveVertexSpace() function due to an insufficient allocation of memory for a shader attribute array. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7179) - A memory corruption issue exists in ReadbackResultWriterD3D11::Run due to mishandling of the return status. An attacker can potentially exploit this issue to cause a denial of service condition or to execute arbitrary code. (CVE-2015-7180)
    last seen2020-06-01
    modified2020-06-02
    plugin id86070
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86070
    titleFirefox ESR < 38.3 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2743-1.NASL
    descriptionAndrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) Andre Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Grobert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86102
    published2015-09-23
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86102
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2743-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2743-2.NASL
    descriptionUSN-2743-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) Andre Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Grobert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86103
    published2015-09-23
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86103
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2743-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2081-1.NASL
    descriptionMozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues. MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR : MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release : MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release : MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87063
    published2015-11-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87063
    titleSUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1703-1.NASL
    descriptionMozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video - MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content - MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects - MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers - MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86341
    published2015-10-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86341
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1703-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2743-3.NASL
    descriptionUSN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations (LP: #1069793), this update permanently disables the addons by removing them from the system. We apologize for any inconvenience. Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4500, CVE-2015-4501) Andre Bargull discovered that when a web page creates a scripted proxy for the window with a handler defined a certain way, a reference to the inner window will be passed, rather than that of the outer window. (CVE-2015-4502) Felix Grobert discovered an out-of-bounds read in the QCMS color management library in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2015-4504) Khalil Zhani discovered a buffer overflow when parsing VP9 content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4506) Spandan Veggalam discovered a crash while using the debugger API in some circumstances. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4507) Juho Nurminen discovered that the URL bar could display the wrong URL in reader mode in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2015-4508) A use-after-free was discovered when manipulating HTML media content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4509) Looben Yang discovered a use-after-free when using a shared worker with IndexedDB in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4510) Francisco Alonso discovered an out-of-bounds read during 2D canvas rendering in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4512) Jeff Walden discovered that changes could be made to immutable properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary script in a privileged scope. (CVE-2015-4516) Ronald Crane reported multiple vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180) Mario Gomes discovered that dragging and dropping an image after a redirect exposes the redirected URL to scripts. An attacker could potentially exploit this to obtain sensitive information. (CVE-2015-4519) Ehsan Akhgari discovered 2 issues with CORS preflight requests. An attacker could potentially exploit these to bypass CORS restrictions. (CVE-2015-4520). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86144
    published2015-09-25
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86144
    titleUbuntu 14.04 LTS / 15.04 : unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension update (USN-2743-3)