Vulnerabilities > CVE-2017-7782 - Improper Privilege Management vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-955.NASL description This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing last seen 2020-06-05 modified 2017-08-21 plugin id 102622 published 2017-08-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102622 title openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-955. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(102622); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-7753", "CVE-2017-7779", "CVE-2017-7782", "CVE-2017-7784", "CVE-2017-7785", "CVE-2017-7786", "CVE-2017-7787", "CVE-2017-7791", "CVE-2017-7792", "CVE-2017-7798", "CVE-2017-7800", "CVE-2017-7801", "CVE-2017-7802", "CVE-2017-7803", "CVE-2017-7804", "CVE-2017-7807"); script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)"); script_summary(english:"Check for the openSUSE-2017-955 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing 'sandbox' improperly applied - CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 The following bugs were fixed : - Unwanted inline images shown in rogue SPAM messages - Deleting message from the POP3 server not working when maildir storage was used - Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later - Inline images not scaled to fit when printing - Selected text from another message sometimes included in a reply - No authorisation prompt displayed when inserting image into email body although image URL requires authentication - Large attachments taking a long time to open under some circumstances" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052829" ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-buildsymbols-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debuginfo-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debugsource-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-devel-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-common-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-other-52.3.0-41.15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-buildsymbols-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debuginfo-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debugsource-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-devel-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-common-52.3.0-44.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-other-52.3.0-44.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2302-1.NASL description Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed : - MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback - MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG - MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers - MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements - MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools - MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 - MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection - MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing - MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements - MFSA 2017-19/CVE-2017-7803: CSP containing last seen 2020-06-01 modified 2020-06-02 plugin id 102856 published 2017-08-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102856 title SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:2302-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:2302-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(102856); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:16"); script_cve_id("CVE-2017-7753", "CVE-2017-7779", "CVE-2017-7782", "CVE-2017-7784", "CVE-2017-7785", "CVE-2017-7786", "CVE-2017-7787", "CVE-2017-7791", "CVE-2017-7792", "CVE-2017-7798", "CVE-2017-7800", "CVE-2017-7801", "CVE-2017-7802", "CVE-2017-7803", "CVE-2017-7804", "CVE-2017-7807"); script_name(english:"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:2302-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed : - MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback - MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG - MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers - MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements - MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools - MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 - MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection - MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing - MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements - MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied This update also fixes : - fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485) - The Itanium ia64 build was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1031485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052829" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7753/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7779/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7782/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7784/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7785/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7786/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7787/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7791/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7792/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7798/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7800/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7801/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7802/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7803/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7804/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7807/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20172302-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6be72c16" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-MozillaFirefox-13254=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-MozillaFirefox-13254=1 SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-MozillaFirefox-13254=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-MozillaFirefox-13254=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-MozillaFirefox-13254=1 SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-MozillaFirefox-13254=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", reference:"MozillaFirefox-52.3.0esr-72.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"MozillaFirefox-branding-SLED-52-24.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"MozillaFirefox-translations-52.3.0esr-72.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"MozillaFirefox-52.3.0esr-72.9.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"MozillaFirefox-branding-SLED-52-24.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"MozillaFirefox-translations-52.3.0esr-72.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_55_0.NASL description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 55. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes. last seen 2020-06-01 modified 2020-06-02 plugin id 102357 published 2017-08-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102357 title Mozilla Firefox < 55 Multiple Vulnerabilities (macOS) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(102357); script_version("1.5"); script_cvs_date("Date: 2019/11/12"); script_cve_id( "CVE-2017-7753", "CVE-2017-7779", "CVE-2017-7780", "CVE-2017-7781", "CVE-2017-7782", "CVE-2017-7783", "CVE-2017-7784", "CVE-2017-7785", "CVE-2017-7786", "CVE-2017-7787", "CVE-2017-7788", "CVE-2017-7789", "CVE-2017-7791", "CVE-2017-7792", "CVE-2017-7794", "CVE-2017-7797", "CVE-2017-7798", "CVE-2017-7799", "CVE-2017-7800", "CVE-2017-7801", "CVE-2017-7802", "CVE-2017-7803", "CVE-2017-7806", "CVE-2017-7807", "CVE-2017-7808", "CVE-2017-7809" ); script_bugtraq_id( 100196, 100197, 100198, 100199, 100201, 100202, 100203, 100206 ); script_xref(name:"MFSA", value:"2017-18"); script_name(english:"Mozilla Firefox < 55 Multiple Vulnerabilities (macOS)"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 55. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox version 55 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7779"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_firefox_installed.nasl"); script_require_keys("MacOSX/Firefox/Installed"); exit(0); } include("mozilla_version.inc"); kb_base = "MacOSX/Firefox"; get_kb_item_or_exit(kb_base+"/Installed"); version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1); path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1); if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.'); mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'55', severity:SECURITY_HOLE);NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2589-1.NASL description This update for MozillaFirefox to ESR 52.3 fixes several issues. These security issues were fixed : - CVE-2017-7807 Domain hijacking through AppCache fallback (bsc#1052829) - CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts (bsc#1052829) - CVE-2017-7792 Buffer overflow viewing certificates with an extremely long OID (bsc#1052829) - CVE-2017-7782 WindowsDllDetourPatcher allocates memory without DEP protections (bsc#1052829) - CVE-2017-7787 Same-origin policy bypass with iframes through page reloads (bsc#1052829) - CVE-2017-7786 Buffer overflow while painting non-displayable SVG (bsc#1052829) - CVE-2017-7785 Buffer overflow manipulating ARIA attributes in DOM (bsc#1052829) - CVE-2017-7784 Use-after-free with image observers (bsc#1052829) - CVE-2017-7753 Out-of-bounds read with cached style data and pseudo-elements (bsc#1052829) - CVE-2017-7798 XUL injection in the style editor in devtools (bsc#1052829) - CVE-2017-7804 Memory protection bypass through WindowsDllDetourPatcher (bsc#1052829) - CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (bsc#1052829) - CVE-2017-7800 Use-after-free in WebSockets during disconnection (bsc#1052829) - CVE-2017-7801 Use-after-free with marquee during window resizing (bsc#1052829) - CVE-2017-7802 Use-after-free resizing image elements (bsc#1052829) - CVE-2017-7803 CSP containing last seen 2020-06-01 modified 2020-06-02 plugin id 103563 published 2017-09-29 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103563 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:2589-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_555B244E6B204546851FD8EB7D6C1FFA.NASL description Mozilla Foundation reports : Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 102278 published 2017-08-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102278 title FreeBSD : mozilla -- multiple vulnerabilities (555b244e-6b20-4546-851f-d8eb7d6c1ffa) NASL family Windows NASL id MOZILLA_FIREFOX_52_3_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.3. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes. last seen 2020-06-01 modified 2020-06-02 plugin id 102358 published 2017-08-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102358 title Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_FIREFOX_55_0.NASL description The version of Mozilla Firefox installed on the remote Windows host is prior to 55. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes. last seen 2020-06-01 modified 2020-06-02 plugin id 102359 published 2017-08-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102359 title Mozilla Firefox < 55 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-921.NASL description This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 (boo#1052829) : - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing last seen 2020-06-05 modified 2017-08-14 plugin id 102472 published 2017-08-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102472 title openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)
References
- http://www.securityfocus.com/bid/100243
- http://www.securitytracker.com/id/1039124
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344034
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/