Summary
Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, cause memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 21.0 or later.
For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- Unspecified vulnerabilities in the browser engine.
- The Chrome Object Wrapper (COW) implementation does not prevent acquisition of chrome privileges.
- Firefox does not properly implement the INPUT element.
- Firefox does not properly maintain Mozilla Maintenance Service registry entries.
- 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale' functions do not initialize data structures.
- Errors in the 'SelectionIterator::GetNextSegment', 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph' functions.
- Use-after-free vulnerabilities in the following functions: 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild' and 'mozilla::plugins::child::_geturlnotify'.
Affected
Mozilla Firefox versions before 21.0 on Mac OS X
Severity
Classification
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C