Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 24.7 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to,
- A use-after-free error related to ordering of control messages for Web Audio.
- A use-after-free error in DirectWrite when rendering MathML.
- A use-after-free error when handling the FireOnStateChange event.
- An unspecified error when using the Cesium JavaScript library to generate WebGL content.
and Some unspecified errors.
Affected
Mozilla Firefox ESR version 24.x before 24.7 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1544, CVE-2014-1547, CVE-2014-1551, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)