This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 10.0.4 and thus, is
potentially affected by the following security issues :
- An off-by-one error exists in the 'OpenType Sanitizer'
which can lead to out-bounds-reads and possible code
- Memory safety issues exist that could lead
to arbitrary code execution. (CVE-2012-0467)
- A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
- Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
- A multi-octet encoding issue exists that could allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
- An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
- An unspecified error can allow URL bar spoofing.
- A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which can lead to cross-
site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
- Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS leading to phishing
See also :
Upgrade to Firefox 10.0.4 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 58893 ()
Bugtraq ID: 53219532205322253223532245322553227532285322953231
CVE ID: CVE-2011-3062CVE-2012-0467CVE-2012-0469CVE-2012-0470CVE-2012-0471CVE-2012-0473CVE-2012-0474CVE-2012-0477CVE-2012-0478CVE-2012-0479
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.