
Test ID:1.3.6.1.4.1.25623.1.0.804042
Category:General
Title:Mozilla Firefox ESR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Summary:This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Description:Summary:
This host is installed with Mozilla Firefox ESR and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove
function

- JavaScript implementation does not properly enforce certain
typeset restrictions on the generation of GetElementIC typed array stubs

- Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType
function

- Unspecified error in the nsGfxScrollFrameInner::IsLTR function

- The program ignores the setting to remove the trust for
extended validation (EV) capable root certificates

Vulnerability Impact:
Successful exploitation will allow attackers to conduct cross-site scripting
attacks, bypass certain security restrictions, disclose potentially sensitive
information, and compromise a user's system.

Affected Software/OS:
Mozilla Firefox ESR version 24.x before 24.2 on Mac OS X.

Solution:
Upgrade to Mozilla Firefox ESR version 24.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 64204
BugTraq ID: 64203
BugTraq ID: 64216
BugTraq ID: 64209
BugTraq ID: 64211
BugTraq ID: 64212
BugTraq ID: 64213
Common Vulnerability Exposure (CVE) ID: CVE-2013-5609
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
https://security.gentoo.org/glsa/201504-01
RedHat Security Advisories: RHSA-2013:1812
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
SuSE Security Announcement: SUSE-SU-2013:1919
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:1916
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
SuSE Security Announcement: openSUSE-SU-2013:1917
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
SuSE Security Announcement: openSUSE-SU-2013:1918
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
SuSE Security Announcement: openSUSE-SU-2013:1957
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
SuSE Security Announcement: openSUSE-SU-2013:1958
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
SuSE Security Announcement: openSUSE-SU-2013:1959
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
SuSE Security Announcement: openSUSE-SU-2014:0008
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-5613
Common Vulnerability Exposure (CVE) ID: CVE-2013-5615
Common Vulnerability Exposure (CVE) ID: CVE-2013-5616
Common Vulnerability Exposure (CVE) ID: CVE-2013-5618
Common Vulnerability Exposure (CVE) ID: CVE-2013-6671
http://www.securityfocus.com/bid/64212
Common Vulnerability Exposure (CVE) ID: CVE-2013-6673
http://www.securityfocus.com/bid/64213
Copyright:Copyright (C) 2013 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.