Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox ESR version 24.5 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to,
- Using certain temp directory within maintenservice_installer.exe in an insecure way.
- An error exists when validating the XBL status of an object.
- An error exists when handling site notifications within the Web Notification API.
- An error exists when handling browser navigations through history to load a website.
- A use-after-free error exists when handling an imgLoader object within the 'nsGenericHTMLElement::GetWidthHeightForImage()' function.
- An error exists in NSS.
- A use-after-free error exists when handling host resolution within the 'libxul.so!nsHostResolver::ConditionallyRefreshRecord()' function.
- And some unspecified errors exist.
Affected
Mozilla Firefox ESR version 24.x before 24.5 on Mac OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1518, CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - Mac OS X
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)