Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service and conduct buffer overflow attacks.
Impact Level: System/Application.
Solution
Upgrade to Mozilla Firefox ESR version 17.0.10 or 24.1 or later, For updates refer http://www.mozilla.org/en-US/firefox/organizations/all.html
Insight
Multiple flaws due to,
- Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function.
- An error in 'Worker::SetEventListener' function in Web workers implementation.
- Use-after-free vulnerability in the
'nsEventListenerManager::SetEventHandler' function.
- Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function.
- Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function.
- Use-after-free vulnerability in 'nsDocLoader::doStopDocumentLoad' function.
- Multiple unspecified vulnerabilities in the browser engine.
- Improper memory allocation for unspecified functions by JavaScript engine.
Affected
Mozilla Firefox ESR version 17.x before 17.0.10 and 24.x before 24.1 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Flash Media Server multiple vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)