The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.

Successful exploitation will allow attackers to execute arbitrary code, obtain potentially sensitive information, gain escalated privileges, bypass security restrictions, perform unauthorized actions and other attacks may also be possible.

Upgrade to version 23.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Multiple flaws due to, - Error in crypto.generateCRMFRequest function. - Does not properly restrict local-filesystem access by Java applets. - Multiple Unspecified vulnerabilities in the browser engine. - Multiple untrusted search path vulnerabilities in full installer, stub installer and updater.exe. - Web Workers implementation is not properly restrict XMLHttpRequest calls. - Usage of incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy. - The XrayWrapper implementation does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls. - Improper handling of interaction between FRAME elements and history. - Improper handling of WAV file by the 'nsCString::CharAt' function. - Stack-based buffer overflow in Mozilla Updater and maintenanceservice.exe. - Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function. - Use-after-free vulnerability in the 'nsINode::GetParentNode' function.

Mozilla Firefox before 23.0 on Mac OS X

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://secunia.com/advisories/54413
• http://www.mozilla.org/security/announce/2013/mfsa2013-75.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=406541

---

Updated on 2015-03-25