Summary
The host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, obtain potentially sensitive information, gain escalated privileges, bypass security restrictions, and perform unauthorized actions. Other attacks may also be possible.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox ESR 17.0.7 or later
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws due to,
- PreserveWrapper does not handle lack of wrapper.
- Error in processing of SVG format images with filters to read pixel values.
- Does not prevent inclusion of body data in XMLHttpRequest HEAD request.
- Multiple unspecified errors in the browser engine.
- Does not properly handle onreadystatechange events in conjunction with page reloading.
- System Only Wrapper (SOW) and Chrome Object Wrapper (COW), does not restrict XBL user-defined functions.
- Use-after-free vulnerability in 'nsIDocument::GetRootElement' and 'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions.
- XrayWrapper does not properly restrict use of DefaultValue for method calls.
Affected
Mozilla Firefox ESR versions 17.x before 17.0.7 on Windows
References
Severity
Classification
-
CVE CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities