Summary
Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 28.0 or later.
For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to:
- Local users can gain privileges by modifying the extracted MAR contents during an update.
- A boundary error when decoding WAV audio files.
- The crypto.generateCRMFRequest method does not properly validate a certain key type.
- An error related to certain WebIDL-implemented APIs.
- An error when performing polygon rendering in MathML.
- The session-restore feature does not consider the Content Security Policy of a data URL.
- A timing error when processing SVG format images with filters and displacements.
- A use-after-free error when handling garbage collection of TypeObjects under memory pressure.
- An error within the TypedArrayObject implementation when handling neutered ArrayBuffer objects.
- Some unspecified errors.
Affected
Mozilla Firefox versions before 28.0 on Mac OS X
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C