Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 29.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple flaws are due to,
- Using certain temp directory within maintenservice_installer.exe in an insecure way.
- An error exists when handling Web Audio.
- An error exists when validating the XBL status of an object.
- A use-after-free error exists when processing HTML video in the Text Track Manager.
- An error exists when handling site notifications within the Web Notification API.
- An error exists when handling browser navigations through history to load a website.
- A use-after-free error exists when handling an imgLoader object within the 'nsGenericHTMLElement::GetWidthHeightForImage()' function.
- An error exists in NSS.
- A use-after-free error exists when handling host resolution within the 'libxul.so!nsHostResolver::ConditionallyRefreshRecord()' function.
- An error exists when handling the debugging of certain objects.
- And some unspecified errors exist.
Affected
Mozilla Firefox version before 29.0 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities