Summary
This host is installed with Mozilla Firefox
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 34.0
or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws exist due to,
- The CoreGraphics framework logging potentially sensitive input data to the /tmp directory.
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared.
- Multiple unspecified errors.
- An error when filtering object properties via XrayWrappers.
- An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces.
Affected
Mozilla Firefox before version 34.0 on Mac OS X
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595, CVE-2014-8631, CVE-2014-8632 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
- Aardvark Topsites Multiple Vulnerabilities