Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, memory corruption, bypass certain security restrictions and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 21.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- Unspecified vulnerabilities in the browser engine.
- The Chrome Object Wrapper (COW) implementation does not prevent acquisition of chrome privileges.
- Does not properly implement the INPUT element.
- Does not properly maintain Mozilla Maintenance Service registry entries.
- 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale' functions do not initialize data structures.
- Errors in 'SelectionIterator::GetNextSegment',
'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph' functions.
- Use-after-free vulnerabilities in following functions, 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and 'mozilla::plugins::child::_geturlnotify'.
Affected
Mozilla Firefox version before 21.0 on Windows
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)