Description: | Summary: This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- Some unspecified errors.
- An error when rendering a bitmap image by the bitmap decoder within a canvas element.
- An error when handling a request from 'navigator.sendBeacon' API interface function.
- An error when handling a '407 Proxy Authentication' response with a 'Set-Cookie' header from a web proxy.
- A use-after-free error when handling tracks within WebRTC.
- An error when handling the 'id-pkix-ocsp-nocheck' extension during verification of a delegated OCSP (Online Certificate Status Protocol) response signing certificate.
- An error when handling DOM (Document Object Model) objects with certain properties.
- Improper restriction of timeline operations by the 'mozilla::dom::AudioParamTimeline::AudioNodeInputValue' function in the Web Audio API.
Vulnerability Impact: Successful exploitation will allow remote attackers to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
Affected Software/OS: Mozilla Firefox before version 35.0 on Mac OS X
Solution: Upgrade to Mozilla Firefox version 35.0 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|