Mozilla Firefox ESR Integer Overflow Vulnerability-01 Nov13 (Mac OS X) Network Vulnerability

Summary

This host is installed with Mozilla Firefox ESR and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Impact Level: Application.

Solution

Upgrade to Mozilla Firefox ESR version 17.0.11 or 24.1.1 or later, For updates refer to http://www.mozilla.org/en-US/firefox/organizations/all.html

Insight

The flaw is due to integer overflow in the 'PL_ArenaAllocate' function in Mozilla Netscape Portable Runtime (NSPR).

Affected

Mozilla Firefox ESR version 17.x before 17.0.11 and 24.x before 24.1.1 on Mac OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/bugtraq/current/0105.html
http://secunia.com/advisories/55732
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5607

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)

Take action and discover your vulnerabilities