This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox is earlier than 27.0 and is,
therefore, potentially affected by the following vulnerabilities :
- Memory issues exist in the browser engine that could
result in a denial of service or arbitrary code
execution. (CVE-2014-1477, CVE-2014-1478)
- An error exists related to System Only Wrappers (SOW)
and the XML Binding Language (XBL) that could allow
XUL content to be disclosed. (CVE-2014-1479)
- An error exists related to the 'open file' dialog that
could allow users to take unintended actions.
'window' object handling that has unspecified impact.
- An error exists related to 'RasterImage' and image
decoding that could allow application crashes and
possibly arbitrary code execution. (CVE-2014-1482)
- Errors exist related to IFrames,
'document.elementFromPoint' that could allow cross-
origin information disclosure. (CVE-2014-1483)
- An error exists related to the Content Security
Policy (CSP) and XSLT stylesheets that could allow
unintended script execution. (CVE-2014-1485)
- A use-after-free error exists related to image handling
and 'imgRequestProxy' that could allow application
crashes and possibly arbitrary code execution.
- An error exists related to 'web workers' that could
allow cross-origin information disclosure.
- An error exists related to 'web workers' and 'asm.js'
that could allow application crashes and possibly
arbitrary code execution. (CVE-2014-1488)
- An error exists that could allow webpages to access
activate content from the 'about:home' page that
could lead to data loss. (CVE-2014-1489)
- Network Security Services (NSS) contains a race
condition in libssl that occurs during session ticket
processing. A remote attacker can exploit this flaw
to cause a denial of service. (CVE-2014-1490)
- Network Security Services (NSS) does not properly
restrict public values in Diffie-Hellman key exchanges,
allowing a remote attacker to bypass cryptographic
protection mechanisms. (CVE-2014-1491)
See also :
Upgrade to Firefox 27.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Nessus Plugin ID: 72331 ()
Bugtraq ID: 6531665317653206532165322653246532665328653296533065331653326533465335
CVE ID: CVE-2014-1477CVE-2014-1478CVE-2014-1479CVE-2014-1480CVE-2014-1481CVE-2014-1482CVE-2014-1483CVE-2014-1485CVE-2014-1486CVE-2014-1487CVE-2014-1488CVE-2014-1489CVE-2014-1490CVE-2014-1491
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.