Mozilla Firefox ESR Integer Overflow Vulnerability-01 Nov13 (Windows) Network Vulnerability

Summary

This host is installed with Mozilla Firefox ESR and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Impact Level: Application.

Solution

Upgrade to Mozilla Firefox ESR version 17.0.11 or 24.1.1 or later, For updates refer to http://www.mozilla.org/en-US/firefox/organizations/all.html

Insight

The flaw is due to integer overflow in the 'PL_ArenaAllocate' function in Mozilla Netscape Portable Runtime (NSPR).

Affected

Mozilla Firefox ESR version 17.x before 17.0.11 and 24.x before 24.1.1 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/bugtraq/current/0105.html
http://secunia.com/advisories/55732
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5607

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)

Take action and discover your vulnerabilities