Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 17.0.6 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- Unspecified vulnerabilities in the browser engine.
- The Chrome Object Wrapper (COW) implementation does not prevent acquisition of chrome privileges.
- 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale' functions do not initialize data structures.
- Errors in 'SelectionIterator::GetNextSegment',
'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph' functions.
- Use-after-free vulnerabilities in following functions, 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and 'mozilla::plugins::child::_geturlnotify'.
Affected
Mozilla Firefox ESR version before 17.x before 17.0.6 on Windows
References
Severity
Classification
-
CVE CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities