 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.809324 |
| Category: | General |
| Title: | Mozilla Firefox Security Update (mfsa_2016-85_2016-86) - Windows |
| Summary: | Mozilla Firefox is prone to multiple vulnerabilities. |
| Description: | Summary: Mozilla Firefox is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy. - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString. - Out-of-bounds read in PropertyProvider::GetSpacingInternal. - Bad cast in nsImageGeometryMixin. - Crash in mozilla::a11y::HyperTextAccessible::GetChildOffset. - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList. - Use-after-free in nsFrameManager::CaptureFrameState. - Heap-use-after-free in nsRefreshDriver::Tick. - Global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions. - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame. - Full local path of files is available to web pages after drag and drop. - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap. - Use-after-free in DOMSVGLength. - Favicons can be loaded through non-whitelisted protocols. - 'iframe src' fragment timing attack can reveal cross-origin data. - Add-on update site certificate pin expiration. - Memory safety bugs. Vulnerability Impact: Successful exploitation of these vulnerabilities remote attackers to cause a denial of service, to execute arbitrary code, to obtain sensitive full-pathname information. Affected Software/OS: Mozilla Firefox versions before 49. Solution: Update to version 49 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2827 BugTraq ID: 93052 http://www.securityfocus.com/bid/93052 https://security.gentoo.org/glsa/201701-15 http://www.securitytracker.com/id/1036852 Common Vulnerability Exposure (CVE) ID: CVE-2016-5270 BugTraq ID: 93049 http://www.securityfocus.com/bid/93049 Debian Security Information: DSA-3674 (Google Search) http://www.debian.org/security/2016/dsa-3674 RedHat Security Advisories: RHSA-2016:1912 http://rhn.redhat.com/errata/RHSA-2016-1912.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5271 Common Vulnerability Exposure (CVE) ID: CVE-2016-5272 Common Vulnerability Exposure (CVE) ID: CVE-2016-5273 Common Vulnerability Exposure (CVE) ID: CVE-2016-5276 Common Vulnerability Exposure (CVE) ID: CVE-2016-5274 Common Vulnerability Exposure (CVE) ID: CVE-2016-5277 Common Vulnerability Exposure (CVE) ID: CVE-2016-5275 Common Vulnerability Exposure (CVE) ID: CVE-2016-5278 Common Vulnerability Exposure (CVE) ID: CVE-2016-5279 Common Vulnerability Exposure (CVE) ID: CVE-2016-5280 Common Vulnerability Exposure (CVE) ID: CVE-2016-5281 http://www.geeknik.net/7gr1u98b9 Common Vulnerability Exposure (CVE) ID: CVE-2016-5282 Common Vulnerability Exposure (CVE) ID: CVE-2016-5283 Common Vulnerability Exposure (CVE) ID: CVE-2016-5284 https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95 http://seclists.org/dailydave/2016/q3/51 Common Vulnerability Exposure (CVE) ID: CVE-2016-5256 Common Vulnerability Exposure (CVE) ID: CVE-2016-5257 Debian Security Information: DSA-3690 (Google Search) http://www.debian.org/security/2016/dsa-3690 RedHat Security Advisories: RHSA-2016:1985 http://rhn.redhat.com/errata/RHSA-2016-1985.html |
| Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
| This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |