| VID |
28913 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Mozilla Firefox installed on the remote Windows host is prior to 65.0.1. It is therefore affected by the following vulnerabilities :
- A use-after-free vulnerability in the Skia library can occur when creating a path, leading to a potentially exploitable crash. (CVE-2018-18356)
- An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash. (CVE-2019-5785)
- Cross-origin images can be read from a canvas element in violation of the same- origin policy using the transferFromImageBitmap method. (CVE-2018-18511)
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
* Platforms Affected:
Mozilla Foundation, Firefox versions prior to 65.0.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Firefox (65.0.1 or later), available from the Mozilla Web site at http://www.mozilla.com/firefox/ |
| Related URL |
CVE-2018-18356,CVE-2018-18511,CVE-2019-5785 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
