Summary
This host is installed with Mozilla Firefox
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 34.0
or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws exist due to,
- A bad cast issue from the BasicThebesLayer to BasicContainerLayer.
- An error when parsing media content within the 'mozilla::FileBlockCache::Read' function.
- A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class.
- An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream.
- An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared.
- Multiple unspecified errors.
- An error when filtering object properties via XrayWrappers.
- An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces.
Affected
Mozilla Firefox before version 34.0 on Windows
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-8631, CVE-2014-8632 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Remote Desktop Information Disclosure Vulnerability
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)
- Apache Tomcat Multiple Vulnerabilities - 03 Mar14
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)