Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 24.2 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to,
- Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function.
- JavaScript implementation does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs.
- Use-after-free vulnerability in the nsEventListenerManager::HandleEvent SubType function
- unspecified error in nsGfxScrollFrameInner::IsLTR function.
- Flaw is due to the program ignoring the setting to remove the trust for extended validation (EV) capable root certificates.
Affected
Mozilla Firefox ESR version 24.x before 24.2 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- 3S CoDeSys CmpWebServer Multiple Vulnerabilities
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)