Summary
This host is installed with Mozilla Firefox ESR
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 31.4
or later, For updates refer to https://www.mozilla.org/en-US/firefox/organizations
Insight
Multiple flaws exist due to,
- A use-after-free error when handling tracks within WebRTC.
- An error when handling a '407 Proxy Authentication' response with a 'Set-Cookie' header from a web proxy.
- Some unspecified errors.
- An error when handling a request from 'navigator.sendBeacon' API interface function.
Affected
Mozilla Firefox ESR 31.x before 31.4 on
Mac OS X
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
- http://secunia.com/advisories/62253
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-01
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-03
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-04
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-06
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)