Summary
Mozilla Firefox ESR is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service, spoof the address bar and conduct clickjacking attacks.
Impact Level: System/Application.
Solution
Upgrade to Mozilla Firefox ESR version 24.1 or later. For updates, refer to http://www.mozilla.org/en-US/firefox/organizations/all.html
Insight
Multiple flaws are due to:
- Use-after-free vulnerability in the 'nsContentUtils::ContentIsHostIncludingDescendantOf' function.
- Improper handling of the appending of an IFRAME element in 'PDF.js'.
- Unspecified vulnerabilities in the browser engine.
- Improper restriction of the nature or placement of HTML within a dropdown menu.
- Improper determination of the thread for release of an image object.
Affected
Mozilla Firefox ESR version 24.x before 24.1 on Mac OS X
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
CVE: CVE-2013-5591, CVE-2013-5593, CVE-2013-5596, CVE-2013-5598, CVE-2013-5603
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe Acrobat Remote Code Execution Vulnerability(Win)