Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 24.2 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to,
- Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function.
- JavaScript implementation does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs.
- Use-after-free vulnerability in the nsEventListenerManager::HandleEvent SubType function
- unspecified error in nsGfxScrollFrameInner::IsLTR function.
- Flaw is due to the program ignoring the setting to remove the trust for extended validation (EV) capable root certificates.
Affected
Mozilla Firefox ESR version 24.x before 24.2 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)