Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 17.0.3 or later. For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- Error when handling a WebIDL object
- Error in displaying the content of a 407 response of a proxy
- Unspecified errors in 'nsSaveAsCharset::DoCharsetConversion()' function, Chrome Object Wrappers (COW) and in System Only Wrappers (SOW).
- Use-after-free errors in the following functions:
  'nsDisplayBoxShadowOuter::Paint()'
  'nsPrintEngine::CommonPrint()'
  'nsOverflowContinuationTracker::Finish()'
  'nsImageLoadingContent::OnStopContainer()'
- Out-of-bounds read errors in the following functions:
  'ClusterIterator::NextCluster()'
  'nsCodingStateMachine::NextState()'
  'mozilla::image::RasterImage::DrawFrameTo()', when rendering GIF images.
Affected
Mozilla Firefox ESR version 17.x prior to 17.0.3 on Mac OS X
Severity
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C