Mozilla Firefox Integer Overflow Vulnerability-01 Nov13 (Mac OS X) Network Vulnerability

Summary

This host is installed with Mozilla Firefox and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 25.0.1 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

The flaw is due to integer overflow in the 'PL_ArenaAllocate' function in Mozilla Netscape Portable Runtime (NSPR).

Affected

Mozilla Firefox before version 25.0.1 on Mac OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/bugtraq/current/0105.html
http://secunia.com/advisories/55732
http://www.mozilla.org/security/announce/2013/mfsa2013-103.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5607

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)

Take action and discover your vulnerabilities