How to Buy
This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 7.0 and thus, is
potentially affected by the following security issues :
- If an attacker could trick a user into holding down the
'Enter' key, via a malicious game, for example, a
malicious application or extension could be downloaded
and executed.(CVE-2011-2372, CVE-2011-3001)
- Unspecified errors exist that can be exploited to
corrupt memory. No additional information is available
at this time. (CVE-2011-2995, CVE-2011-2997)
- A weakness exists when handling the 'Location' header.
This can lead to response splitting attacks when
visiting a vulnerable web server. The same fix has been
applied to the headers 'Content-Length' and
- An error exists within WebGL's ANGLE library. It does
not properly check for return values from the
'GrowAtomTable()' function. This vulnerability can be
exploited to cause a buffer overflow by sending a
series of requests. Additionally, an unspecified error
exists within WebGL that can be exploited to corrupt
memory. (CVE-2011-3002, CVE-2011-3003)
- There is an error within the JSSubScriptLoader that
incorrectly unwraps 'XPCNativeWrappers'. By tricking
a user into installing a malicious plug-in, an attacker
could exploit this issue to execute arbitrary code.
- A use-after-free error exists when parsing OGG headers.
- There is an unspecified error within the YARR regular
expression library that can be exploited to corrupt
See also :
Upgrade to Firefox 7.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 56377 ()
Bugtraq ID: 49808498104981149812498134983749847498494985049852
CVE ID: CVE-2011-2372CVE-2011-2995CVE-2011-2997CVE-2011-3000CVE-2011-3001CVE-2011-3002CVE-2011-3003CVE-2011-3004CVE-2011-3005CVE-2011-3232
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.