Mozilla Firefox < 25.0 / 24.1 (ESR version) / 17.0.10 (ESR version) Multiple Vulnerabilities
PVS ID: 8044 FAMILY: Web Clients RISK: HIGH NESSUS ID: 70702
Description: Synopsis:

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Versions of Mozilla Firefox earlier than 25.0 (or ESR versions earlier than 24.0 and 17.0.10) are prone to the following vulnerabilities:

 - Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)

 - Memory corruption in the JavaScript engine when using workers with direct proxy (CVE-2013-5602)

 - Use-after-free issues when interacting with HTML templates (CVE-2013-5603)

 - Security bypass via iframe injection using PDF.js (CVE-2013-5598)

 - Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)

 - Address spoofing in the address bar via SELECT element, which can lead to clickjacking and other spoofing attacks (CVE-2013-5593)

 - Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)

 - Potential buffer/memory overflows in the JavaScript engine (CVE-2013-5595)

 - Race condition causing a crash on extremely large pages (CVE-2013-5596)

 - A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)

The detected version from the remote host was:
 %L

Solution: Upgrade to Firefox 25.0 (or Firefox ESR versions 24.1 / 17.0.10, as appropriate), or later.


Copyright Tenable Network Security Inc. 2013