Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Firefox Multiple Vulnerabilities-01 Jul15 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to: - An error within Network Security Services (NSS) where the client allows for a 'ECDHE_ECDSA' exchange where the server does not send its 'ServerKeyExchange' message. - Multiple use-after-free vulnerabilities. - Multiple unspecified memory related errors. - An error within the 'IndexedDatabaseManager' class in the IndexedDB implementation. - An error within the 'AudioParamTimeline::AudioNodeInputValue' function in the Web Audio implementation . - An error in the implementation of Elliptical Curve Cryptography (ECC) multiplication for Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS). - An error in the 'CairoTextureClientD3D9::BorrowDrawTarget' function in the Direct3D 9 implementation. - An error in 'nsZipArchive::BuildFileList' function. - Unspecified error in nsZipArchive.cpp script. - An error in the 'rx::d3d11::SetBufferData' function in the Direct3D 11 implementation. - An error in the 'YCbCrImageDataDeserializer::ToDataSourceSurface' function in the YCbCr implementation. - An error in 'ArrayBufferBuilder::append' function. - Buffer overflow error in the 'nsXMLHttpRequest::AppendToResponseText' function. - An overridable error allowing for skipping pinning checks. - An error in PDF.js PDF file viewer.
Affected Software
Affected Software
Mozilla Firefox before version 39.0 on Windows
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to Mozilla Firefox version 39.0 or later.
Common Vulnerabilities and Exposures (CVE)
References
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-59
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-66
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-67
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-69
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-64
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-62
- http://www.mozilla.com/en-US/firefox/all.html