CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS Percentile: 94.4%
The version of Mozilla Firefox ESR installed on the remote Mac OS X host is 45.x prior to 45.4. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the HttpBaseChannel::GetPerformance() function in netwerk/protocol/http/HttpBaseChannel.cpp due to the program leaking potentially sensitive resources of URLs through the Resource Timing API during page navigation. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2016-5250)
- Multiple memory safety issues exist that allow an unauthenticated, remote attacker to potentially execute arbitrary code. (CVE-2016-5257)
- An integer overflow condition exists in the WebSocketChannel::ProcessInput() function within file netwerk/protocol/websocket/WebSocketChannel.cpp when handling specially crafted WebSocketChannel packets due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5261)
- A heap buffer overflow condition exists in the nsCaseTransformTextRunFactory::TransformString() function in layout/generic/nsTextRunTransformations.cpp when converting text containing certain Unicode characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5270)
- A type confusion error exists within file layout/forms/nsRangeFrame.cpp when handling layout with input elements. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5272)
- A use-after-free error exists within file layout/style/nsRuleNode.cpp when handling web animations during restyling. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5274)
- A use-after-free error exists in the DocAccessible::ProcessInvalidationList() function within file accessible/generic/DocAccessible.cpp when setting an aria-owns attribute. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5276)
- A use-after-free error exists in the nsRefreshDriver::Tick() function when handling web animations destroying a timeline. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5277)
- A buffer overflow condition exists in the nsBMPEncoder::AddImageFrame() function within file dom/base/ImageEncoder.cpp when encoding image frames to images. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5278)
- A use-after-free error exists in the nsTextNodeDirectionalityMap::RemoveElementFromMap() function within file dom/base/DirectionalityUtils.cpp when handling changing of text direction. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5280)
- A use-after-free error exists when handling SVG format content that is being manipulated through script code. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5281)
- A flaw exists due to the certificate pinning policy for built-in sites (e.g., addons.mozilla.org) not being honored when pins have expired. A man-in-the-middle (MitM) attacker can exploit this to generate a trusted certificate, which could be used to conduct spoofing attacks. (CVE-2016-5284)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(93659);
script_version("1.7");
script_cvs_date("Date: 2019/11/14");
script_cve_id(
"CVE-2016-5250",
"CVE-2016-5257",
"CVE-2016-5261",
"CVE-2016-5270",
"CVE-2016-5272",
"CVE-2016-5274",
"CVE-2016-5276",
"CVE-2016-5277",
"CVE-2016-5278",
"CVE-2016-5280",
"CVE-2016-5281",
"CVE-2016-5284"
);
script_bugtraq_id(92260, 93049);
script_xref(name:"MFSA", value:"2016-86");
script_name(english:"Mozilla Firefox ESR 45.x < 45.4 Multiple Vulnerabilities (Mac OS X)");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox ESR installed on the remote Mac OS X
host is 45.x prior to 45.4. It is, therefore, affected by multiple
vulnerabilities :
- A flaw exists in the HttpBaseChannel::GetPerformance()
function in netwerk/protocol/http/HttpBaseChannel.cpp
due to the program leaking potentially sensitive
resources of URLs through the Resource Timing API
during page navigation. An unauthenticated, remote
attacker can exploit this to disclose sensitive
information. (CVE-2016-5250)
- Multiple memory safety issues exist that allow an
unauthenticated, remote attacker to potentially execute
arbitrary code. (CVE-2016-5257)
- An integer overflow condition exists in the
WebSocketChannel::ProcessInput() function within file
netwerk/protocol/websocket/WebSocketChannel.cpp when
handling specially crafted WebSocketChannel packets due
to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5261)
- A heap buffer overflow condition exists in the
nsCaseTransformTextRunFactory::TransformString()
function in layout/generic/nsTextRunTransformations.cpp
when converting text containing certain Unicode
characters. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-5270)
- A type confusion error exists within file
layout/forms/nsRangeFrame.cpp when handling layout with
input elements. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-5272)
- A use-after-free error exists within file
layout/style/nsRuleNode.cpp when handling web animations
during restyling. An unauthenticated, remote attacker
can exploit this to execute arbitrary code.
(CVE-2016-5274)
- A use-after-free error exists in the
DocAccessible::ProcessInvalidationList() function within
file accessible/generic/DocAccessible.cpp when setting
an aria-owns attribute. An unauthenticated, remote
attacker can exploit this to execute arbitrary code.
(CVE-2016-5276)
- A use-after-free error exists in the
nsRefreshDriver::Tick() function when handling web
animations destroying a timeline. An unauthenticated,
remote attacker can exploit this to execute arbitrary
code. (CVE-2016-5277)
- A buffer overflow condition exists in the
nsBMPEncoder::AddImageFrame() function within file
dom/base/ImageEncoder.cpp when encoding image frames to
images. An unauthenticated, remote attacker can exploit
this to execute arbitrary code. (CVE-2016-5278)
- A use-after-free error exists in the
nsTextNodeDirectionalityMap::RemoveElementFromMap()
function within file dom/base/DirectionalityUtils.cpp
when handling changing of text direction. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5280)
- A use-after-free error exists when handling SVG format
content that is being manipulated through script code.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2016-5281)
- A flaw exists due to the certificate pinning policy for
built-in sites (e.g., addons.mozilla.org) not being
honored when pins have expired. A man-in-the-middle
(MitM) attacker can exploit this to generate a trusted
certificate, which could be used to conduct spoofing
attacks. (CVE-2016-5284)");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox ESR version 45.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5281");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/31");
script_set_attribute(attribute:"patch_publication_date", value:"2016/09/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_firefox_installed.nasl");
script_require_keys("MacOSX/Firefox/Installed");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");
mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.4', min:'45.0', severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox_esr | | cpe:/a:mozilla:firefox_esr |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284
www.mozilla.org/en-US/security/advisories/mfsa2016-86/